CVE-2023-20243: Improper Handling of Exceptional Conditions in Cisco Identity Services Engine Software

Severity: 8.6 HIGH (NVD)
EPSS: 0.4% (top 40.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 6

Description

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This w

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA (2023-09-06)
GHSA-64jj-6hmj-39jw: A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to ca

CVEList (2023-09-06)
CVE-2023-20243: A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to ca

📋 Vendor Advisories (1)

Cisco (2023-09-06)
Cisco Identity Services Engine RADIUS Denial of Service Vulnerability
CVE-2023-20243 — Cisco vulnerability | cvebase