Vulnerabilities > CVE-2022-20756 - Unspecified vulnerability in Cisco Identity Services Engine

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

NVD

Published: 2022-04-06

Updated: 2023-11-07

Summary

A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Identity Services Engine 2.6.0 Cisco Identity Services Engine 2.4.0 Cisco Identity Services Engine 2.7.0 Cisco Identity Services Engine 2.7.0.356 Cisco Identity Services Engine 3.0.0 Cisco Identity Services Engine 3.1 Cisco Identity Services Engine 2.2.0	16

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp