CVE-2020-3353 — Race Condition in Cisco Identity Services Engine Software

CWE-362 — Race Condition4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.4%

top 40.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software Cisco Identity Services Engine

Timeline

PublishedJun 3

Latest updateMay 24

Description

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to c…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/identity_services_engine2.2.0.470, 2.3.0.298, 2.4.0.357+2

▶CVEListV5cisco/cisco_identity_services_engine_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-vrjw-2w56-8m6q: A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a den↗2022-05-24

▶

CVEList

Cisco Identity Services Engine Denial of Service Vulnerability↗2020-06-03

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Denial of Service Vulnerability↗2020-06-03

▶