Categories: Cyber Security News

Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly

A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests.

The flaw, CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a denial-of-service condition that forces unexpected system restarts.

The vulnerability stems from a logic error in the RADIUS configuration that rejects client requests after repeated failures.

Attackers can exploit this by sending specially crafted RADIUS access request messages targeting MAC addresses already flagged as rejected endpoints.


When ISE processes these malicious requests, the system crashes and restarts unexpectedly, disrupting authentication services across the network.

This type of attack requires no authentication credentials, making it particularly dangerous for organizations relying on ISE for network access control and endpoint management.

Cisco ISE versions 3.4.0 through 3.4 Patch 3 are vulnerable by default because the “Reject RADIUS requests from clients with repeated failures” setting is enabled by default in these releases.

CVE ID          Product    Affected Versions              CVSS v3.1 Score  Vulnerability Type
CVE-2024-20399  Cisco ISE  3.4.0, 3.4 P1, 3.4 P2, 3.4 P3  7.5              Denial of Service (DoS)

ISE serves as a central point for network access control, device authentication, and compliance policy enforcement.

When ISE restarts unexpectedly, organizations lose visibility into network activity and may experience authentication failures for legitimate users and devices.


This cascading effect can disrupt business operations across the entire network infrastructure. Cisco has released multiple options to address this threat.

Organizations can immediately turn off the vulnerable RADIUS setting in the administration console. However, Cisco recommends re-enabling it once systems are patched.

ISE version 3.4 systems should be upgraded to Patch 4 or later. Notably, earlier versions (3.3 and below) and newer releases (3.5+) are not affected by this issue.

Administrators should check their ISE configuration at Administration > System > Settings > Protocols > RADIUS to verify their current status.

The vulnerability only affects systems with the repeated failures rejection setting enabled, so disabling it provides temporary protection while upgrades are planned.
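A small triage helper, added here as an example rather than code from Cisco or the article, that turns the version, patch and setting conditions above into a per-node decision. The version-string format ("3.4.0", optionally with a build suffix) and the use of patch number 0 for an unpatched release are assumptions.

```python
"""Triage helper for the Cisco ISE RADIUS repeated-failures DoS described above.

Given an ISE version string, the applied patch level and whether the
"Reject RADIUS requests from clients with repeated failures" setting is
enabled, decide whether the node is exposed and what the guidance is.
Version-string format and patch numbering (0 = unpatched) are assumptions.
"""
import re
from dataclasses import dataclass

AFFECTED_MAJOR_MINOR = (3, 4)   # only the 3.4 train is affected; 3.3 and below, 3.5+ are not
FIXED_PATCH = 4                 # 3.4 Patch 4 or later contains the fix
VULNERABLE_SETTING = "Reject RADIUS requests from clients with repeated failures"


@dataclass
class Assessment:
    affected_release: bool   # the release train/patch level carries the bug
    exposed: bool            # bug present AND the vulnerable setting is enabled
    action: str


def parse_version(version: str) -> tuple[int, int]:
    """Return (major, minor) from strings like '3.4', '3.4.0' or '3.4.0.608'."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*$", version)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {version!r}")
    return int(m.group(1)), int(m.group(2))


def assess(version: str, patch: int, reject_repeated_failures_enabled: bool) -> Assessment:
    affected_release = parse_version(version) == AFFECTED_MAJOR_MINOR and patch < FIXED_PATCH
    if not affected_release:
        return Assessment(False, False, "Not affected; no action required.")
    if reject_repeated_failures_enabled:
        return Assessment(True, True,
            f"Exposed: upgrade to 3.4 Patch {FIXED_PATCH} or later; as an interim measure "
            f"disable '{VULNERABLE_SETTING}' under Administration > System > Settings > "
            "Protocols > RADIUS, and re-enable it after patching.")
    return Assessment(True, False,
        f"Vulnerable code present but the setting is disabled; upgrade to 3.4 Patch "
        f"{FIXED_PATCH} or later and keep the setting off until then.")


if __name__ == "__main__":
    # Constructed sample inventory: (version, patch, setting enabled)
    for args in [("3.4.0", 0, True), ("3.4.0", 3, False), ("3.4.0", 4, True), ("3.3.0", 7, True)]:
        a = assess(*args)
        print(args, "->", "EXPOSED" if a.exposed else "ok", "|", a.action)
```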


The post Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly appeared first on Cyber Security News.
