Cisco Identity Services Engine RADIUS Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) versions 3.4 and 3.3 and earlier. This vulnerability allows an unauthenticated, remote attacker to cause the affected device to reload. The issue arises from improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device that uses Cisco ISE for authentication, authorization, and accounting services.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the affected Cisco ISE device to reload.

Remediation

Cisco has released free software updates that address this vulnerability. Customers with service contracts should obtain these security fixes through their usual update channels. For instructions on upgrading a device, see the Upgrade Guides on the Cisco Identity Services Engine support page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.