CVE-2023-20243

Severity Score

8.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.
This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected.
Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details ["#details"] section of this advisory.

Una vulnerabilidad en el procesamiento de mensajes en RADIUS de Cisco Identity Services Engine (ISE) podría permitir a un atacante remoto no autenticado causar que el sistema afectado deje de procesar paquetes. Esta vulnerabilidad es debido al manejo inapropiado de determinadas peticiones. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición de autenticación a un dispositivo de acceso a la red (NAD)que use Cisco ISE para la autenticación. autorización y contabilidad (AAA). Esto eventualmente daría como resultado que el NAD envíe un paquete de solicitud de contabilidad RADIUS a Cisco ISE. Un atacante también podría aprovechar esta vulnerabilidad enviando un paquete de solicitud de contabilidad RADIUS manipulado a Cisco ISE si el secreto compartido de Radius es conocido. Un exploit exitoso podría permitir que el atacante haga que el proceso RADIUS se reinicie inesperadamente, lo que provocaría tiempos de espera de autenticación o autorización y negaría a los usuarios legítimos el acceso a la red o al servicio. Los clientes ya autenticados en la red no se verían afectados. Nota: Para recuperar la capacidad de procesar paquetes RADIUS, es posible que sea necesario reiniciar manualmente el nodo de servicio de políticas (PSN) afectado. Para obtener más información, consulte la sección Detalles ["#details"] de este aviso.

*Credits: N/A

CVSS Scores

NISTv3.1 8.6

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-27 CVE Reserved
2023-09-06 CVE Published
2024-08-02 CVE Updated
2024-09-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors
CWE-755: Improper Handling of Exceptional Conditions

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radius-dos-W7cNn7gt	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		-		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch1		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch2		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch3		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch4		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch5		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch6		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.2 Search vendor "Cisco" for product "Identity Services Engine" and version "3.2"		-		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.2 Search vendor "Cisco" for product "Identity Services Engine" and version "3.2"		patch1		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.2 Search vendor "Cisco" for product "Identity Services Engine" and version "3.2"		patch2		Affected