PT-2023-4875 · Cisco · Cisco Identity Services Engine

Published: 2023-09-06 · Updated: 2024-02-04 · CVE-2023-20243

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Identity Services Engine (ISE) (affected versions not specified)

Description

The issue is related to improper handling of certain RADIUS accounting requests in the RADIUS message processing feature of Cisco Identity Services Engine (ISE). This could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA), or by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could result in authentication or authorization timeouts and deny legitimate users access to the network or service. Clients already authenticated to the network would not be affected.

Recommendations

To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. As a temporary workaround, consider restricting access to the RADIUS message processing feature until a patch is available. Avoid using the vulnerable RADIUS accounting request packet until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

CSRF
Improper Authentication
Improper Handling of Exceptional Conditions

Related Identifiers

BDU:2023-05366
CVE-2023-20243

Affected Products

Cisco Identity Services Engine