VDB

CVE-2021-1620

CVE-2021-1620 PUBLISHED CVSS 7.699999809265137 HIGH

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition.

EPSS 0.33% · 56.3th percentile

Risk Scores

CVSS 3.1
7.699999809265137
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.33%
56.3th percentile

Affected Products

VendorProductVersions
CiscoCisco IOSn/a
ciscoios*, 15.3\(3\)jg1, 15.3\(3\)jh
ciscoios_xe3.8.2e, 3.8.3e, 3.8.4e

Exploit Intelligence

Timeline

  • Apr 13, 2021 CVE Published
  • Sep 23, 2021 EPSS Score
  • Nov 19, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 15, 2022 EPSS Score
  • Mar 14, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 10, 2022 EPSS Score
  • Jul 6, 2022 EPSS Score
  • Sep 2, 2022 EPSS Score
  • Oct 29, 2022 EPSS Score
  • Dec 26, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›