CVE-2019-1718

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) version 2.1

Description A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The issue is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this by sending renegotiation requests at a high rate, increasing resource usage and potentially leading to a DoS condition.

Recommendations For version 2.1, consider restricting access to the web interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the rate of SSL renegotiation requests could help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.