Cisco Identity Services Engine Flaw Let Attacker Trigger DoS Condition

by Esmeralda McKenzie
Cisco Identity Services Engine Flaw Let Attacker Trigger DoS Condition

Cisco Identity Services Engine Flaw Let Attacker Trigger DoS Condition

Cisco Identification Products and services Engine Flaw Let Attacker Effect off DoS Situation

Cisco addressed excessive-affect vulnerability CVE-2023-20243 in the Cisco Identification Products and services Engine (ISE), allowing attackers to forestall processing Radius packets.

This vulnerability, with a corrupt rating of 8.6, was came upon towards the resolution of a Cisco TAC make stronger case released on  September 6, 2023.

EHA

Cisco Identification Products and services Engine (ISE) is a next-generation identity and get admission to control policy platform that lets in enterprises to put into effect compliance, toughen infrastructure security, and streamline their provider operations.

Cisco ISE PSNs configured with RADIUS are impacted by this vulnerability, and if it is feeble for TACACS most exciting, the draw is unaffected.

Suggestions:

There are no workarounds that deal with this vulnerability. On the opposite hand, several attainable mitigations could presumably lend a hand deal with this vulnerability.

Customers ought to flip off RADIUS accounting on the community get admission to draw (NAD), sending the crafted packets to the Cisco ISE PSN.

Sooner than the exhaust of any workaround or mitigation of their environments, Customers ought to clutch into consideration their test atmosphere in accordance to their stipulations.

Customers ought to undergo in recommendations that any workaround or mitigation applied could presumably negatively affect the functionality or efficiency of their community in accordance to intrinsic customer deployment eventualities and obstacles.

Cisco has released free draw updates that deal with the vulnerability described on this advisory.

Customers with provider contracts that entitle them to frequent draw updates ought to manufacture security fixes via their standard update channels.

Customers who have straight from Cisco but attain now not shield a Cisco provider contract and other folk that have via third-birthday celebration vendors but are unsuccessful in acquiring fixed draw via their level of sale ought to manufacture upgrades by contacting Cisco.

Fastened Liberate:

Cisco ISE Liberate First Fastened Liberate
2.7 and earlier Not weak
3.0 Not weak
3.1 3.1P7
3.2 3.2P3
3.3 Not weak

Source credit : cybersecuritynews.com

Related Posts