PT-2017-17218 · Cisco · Cisco Identity Services Engine

Published: 2017-05-22 · Updated: 2019-10-03 · CVE-2017-6653

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Identity Services Engine (ISE) version 2.1(0.474)

Description

A denial of service (DoS) condition can occur on an affected device due to insufficient TCP rate limiting protection on the GUI, allowing an unauthenticated, remote attacker to cause the ISE GUI to fail to respond to new or established connection requests. This can be exploited by sending a high rate of TCP connections to the GUI, causing it to stop responding while the high rate of connections is in progress.

Recommendations

For Cisco Identity Services Engine (ISE) version 2.1(0.474), consider implementing rate limiting on TCP connections to the GUI as a temporary workaround until a patch is available. Restrict access to the GUI to minimize the risk of exploitation.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2017-6653

Affected Products

Cisco Identity Services Engine