Описание
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.2 (включая)
Одно из
cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00585
Низкий
4 Medium
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
больше 3 лет назад
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
EPSS
Процентиль: 68%
0.00585
Низкий
4 Medium
CVSS2
Дефекты
CWE-399