A important vulnerability in Cisco Id Companies Engine (ISE) may enable distant attackers to crash the system via a crafted sequence of RADIUS requests.
The flaw CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, making a denial-of-service situation that forces surprising system restarts.
The vulnerability stems from a logic error within the RADIUS configuration that rejects shopper requests after repeated failures.
Attackers can exploit this by sending specifically crafted RADIUS entry request messages concentrating on MAC addresses already flagged as rejected endpoints.
Cisco Id Companies Engine Vulnerability
When ISE processes these malicious requests, the system crashes and restarts unexpectedly, disrupting authentication providers throughout the community.
Any such assault requires no authentication credentials, making it significantly harmful for organizations counting on ISE for community entry management and endpoint administration.
Cisco ISE variations 3.4.0 via 3.4 Patch 3 are weak by default as a result of the “Reject RADIUS requests from purchasers with repeated failures” setting is enabled by default in these releases.
CVE IDProductAffected VersionsCVSS v3.1 ScoreVulnerability TypeCVE-2024-20399Cisco ISE3.4.0, 3.4 P1, 3.4 P2, 3.4 P37.5Denial of Service (DoS)
ISE serves as a central level for community entry management, system authentication, and compliance coverage enforcement.
When ISE restarts unexpectedly, organizations lose visibility into community exercise and should expertise authentication failures for respectable customers and gadgets.
This cascading impact can disrupt enterprise operations throughout your complete community infrastructure. Cisco has launched a number of choices to deal with this risk.
Organizations can instantly flip off the weak RADIUS setting within the administration console. Nonetheless, Cisco recommends re-enabling it as soon as methods are patched.
ISE model 3.4 methods ought to be upgraded to Patch 4 or later. Notably, earlier variations (3.3 and under) and newer releases (3.5+) should not affected by this concern.
Directors ought to examine their ISE configuration at Administration > System > Settings > Protocols > RADIUS to confirm their present standing.
The vulnerability solely impacts methods with the repeated failures rejection setting enabled, so disabling it offers short-term safety whereas upgrades are deliberate.
Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
