CVE-2022-20756 — Cisco Identity Services Engine Software vulnerability

CWE-3994 documents4 sources

Severity

7.5HIGHNVD

CNA8.6

EPSS

1.1%

top 21.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software Cisco Identity Services Engine

Timeline

PublishedApr 6

Latest updateApr 7

Description

A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to s…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/identity_services_engine7 versions+6

▶CVEListV5cisco/cisco_identity_services_engine_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-qwcc-f7fm-5q6x: A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected sy↗2022-04-07

▶

CVEList

Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability↗2022-04-06

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability↗2022-03-02

▶