CVE-2022-20937

EPSS 0.25%
Published 04.11.2022 18:15:11
Last modified 21.11.2024 06:43:51
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device.

 This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications.

   There are workarounds that address this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Identity Services Engine Version < 2.7.0

Cisco ≫ Identity Services Engine Version2.7.0 Update-

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch1

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch2

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch3

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch4

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch5

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch6

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch7

Cisco ≫ Identity Services Engine Version3.0.0 Update-

Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch1

Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch2

Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch3

Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch4

Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch5

Cisco ≫ Identity Services Engine Version3.1 Update-

Cisco ≫ Identity Services Engine Version3.1 Updatepatch1

Cisco ≫ Identity Services Engine Version3.1 Updatepatch3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.477

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
psirt@cisco.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-410 Insufficient Resource Pool

The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp

https://nvd.nist.gov/vuln/detail/CVE-2022-20937

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20937

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20937

EUVD