CVE-2018-0277

Name of the Vulnerable Software and Affected Versions: Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance (affected versions not specified)

Description: A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication could allow an unauthenticated, remote attacker to cause the system to restart unexpectedly, resulting in a denial of service (DoS) condition. The issue is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this by initiating EAP authentication over TLS with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the application server, causing a DoS condition. If an attacker attempts to import the same EAP-TLS certificate to the trust store, it could trigger a DoS condition, requiring the attacker to have valid administrator credentials.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.