CVE-2022-20937

A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*

History

21 Nov 2024, 06:43

Type Values Removed Values Added
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp -

25 Jan 2024, 17:15

Type Values Removed Values Added
Summary A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability. A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.
References
  • {'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp', 'name': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp -

07 Nov 2022, 17:43

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*
CWE CWE-400
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
References (MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp - (MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp - Vendor Advisory

04 Nov 2022, 18:36

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-04 18:15

Updated : 2024-11-21 06:43


NVD link : CVE-2022-20937

Mitre link : CVE-2022-20937

CVE.ORG link : CVE-2022-20937


JSON object : View

Products Affected

cisco

  • identity_services_engine
CWE
CWE-410

Insufficient Resource Pool

CWE-400

Uncontrolled Resource Consumption