CVE-2023-20243
CVSS 3.1 Score 8.6 of 10 (high)
Details
Summary
CVE-2023-20243 is a vulnerability affecting the RADIUS message processing feature of Cisco Identity Services Engine (ISE). An unauthenticated, remote attacker can exploit this issue by sending a maliciously crafted RADIUS accounting request to a network access device using Cisco ISE for authentication, authorization, and accounting. The vulnerability arises from the improper handling of certain RADIUS accounting requests, which can cause the RADIUS process to unexpectedly restart, leading to authentication or authorization timeouts and denial of access for legitimate users. Direct exploitation of the vulnerability is also possible if the RADIUS shared secret is known. While clients already authenticated to the network remain unaffected, a manual restart of the affected Policy Service Node may be necessary to resume RADIUS packet processing.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Identity Services Engine
Affected Vendors
- Cisco Systems Inc
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions