PT-2022-5527 · Cisco · Cisco ISE

Published 2022-11-02 · Updated 2024-01-25 · CVE-2022-20937

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Cisco Identity Services Engine (ISE) Software (affected versions not specified)

Description

A vulnerability in the feature that monitors RADIUS requests could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This issue is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic, potentially causing reduced performance of the affected device and resulting in significant delays to RADIUS authentications.

Recommendations

There are workarounds that address this vulnerability. As a temporary workaround, consider restricting the reception of specific RADIUS traffic to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2022-06856
CVE-2022-20937

Affected Products

Cisco ISE