{"id":8269,"date":"2025-11-07T10:05:20","date_gmt":"2025-11-07T10:05:20","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/11\/07\/cisco-identity-services-engine-vulnerability-allows-attackers-to-restart-ise-unexpectedly\/"},"modified":"2025-11-07T10:05:20","modified_gmt":"2025-11-07T10:05:20","slug":"cisco-identity-services-engine-vulnerability-allows-attackers-to-restart-ise-unexpectedly","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/11\/07\/cisco-identity-services-engine-vulnerability-allows-attackers-to-restart-ise-unexpectedly\/","title":{"rendered":"Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly"},"content":{"rendered":"

Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests.<\/p>\n

The flaw CVE-2024-20399<\/a>, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a denial-of-service<\/a> condition that forces unexpected system restarts.<\/p>\n

The vulnerability<\/a> stems from a logic error in the RADIUS configuration that rejects client requests after repeated failures.<\/p>\n

Attackers can exploit this by sending specially crafted RADIUS access request messages targeting MAC addresses already flagged as rejected endpoints.<\/p>\n

Cisco Identity Services Engine Vulnerability<\/strong><\/h2>\n

When ISE processes these malicious requests, the system crashes and restarts unexpectedly, disrupting authentication services across the network.<\/p>\n

This type of attack requires no authentication credentials, making it particularly dangerous for organizations relying on ISE for network access control and endpoint management.<\/p>\n

Cisco ISE versions 3.4.0 through 3.4 Patch 3 are vulnerable by default because the \u201cReject RADIUS requests<\/a> from clients with repeated failures\u201d setting is enabled by default in these releases.<\/p>\n

\n\n\n\n\n\n
CVE ID<\/th>\nProduct<\/th>\nAffected Versions<\/th>\nCVSS v3.1 Score<\/th>\nVulnerability Type<\/strong><\/th>\n<\/tr>\n<\/thead>\n
CVE-2024-20399<\/td>\nCisco ISE<\/td>\n3.4.0, 3.4 P1, 3.4 P2, 3.4 P3<\/td>\n7.5<\/td>\nDenial of Service (DoS)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

ISE serves as a central point for network access control, device authentication, and compliance policy enforcement.<\/p>\n

When ISE restarts unexpectedly, organizations lose visibility into network activity and may experience authentication failures for legitimate users and devices.<\/p>\n

This cascading effect can disrupt business operations across the entire network infrastructure. Cisco has released<\/a> multiple options to address this threat.<\/p>\n

Organizations can immediately turn off the vulnerable RADIUS setting in the administration console. However, Cisco recommends re-enabling it once systems are patched.<\/p>\n

ISE version 3.4 systems should be upgraded to Patch <\/a>4 or later. Notably, earlier versions (3.3 and below) and newer releases (3.5+) are not affected by this issue.<\/p>\n

Administrators should check their ISE configuration at Administration > System > Settings > Protocols > RADIUS to verify their current status.<\/p>\n

The vulnerability only affects systems with the repeated failures rejection setting enabled, so disabling it provides temporary protection while upgrades are planned.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests. The flaw CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a denial-of-service condition that forces […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2015,63,464,2016,648],"tags":[130],"class_list":["post-8269","post","type-post","status-publish","format-standard","hentry","category-cve-vulnerabilities","category-cyber-security-news","category-cybersecurity","category-cybersecurity-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8269"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8269"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8269\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}