PT-2025-45128 · Cisco · Cisco Identity Services Engine
Published: 2025-11-05 · Updated: 2026-01-10 · CVE-2025-20343
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Identity Services Engine versions prior to 3.4 Patch 4 or version 3.5
Description
A flaw in the RADIUS setting of Cisco Identity Services Engine (ISE) allows an unauthenticated, remote attacker to cause the system to restart unexpectedly, resulting in a denial of service (DoS) condition. The issue is due to a logic error when processing RADIUS access requests for MAC addresses that have already been rejected. An attacker can exploit this by sending a specific sequence of crafted RADIUS access request messages. The vulnerable component is the RADIUS feature within Cisco ISE, specifically its processing of RADIUS access requests. Approximately 1.2k to 2.7k services are estimated to be exposed worldwide.
Recommendations
Upgrade to Cisco Identity Services Engine version 3.4 Patch 4 or version 3.5.
Affected Products
Cisco Identity Services Engine