Critical Cisco ISE flaw triggers system crashes

Cyber Security News reports that a critical denial-of-service vulnerability in Cisco's Identity Services Engine (ISE) could allow unauthenticated attackers to crash the critical network access control system.

The flaw, tracked as CVE-2024-20399, exists in the RADIUS protocol handling of ISE versions 3.4.0 through 3.4 Patch 3. By sending a sequence of specially crafted RADIUS requests targeting rejected endpoints, a remote attacker can trigger an unexpected system restart.

This disruption halts authentication services, causing a widespread loss of network visibility and preventing legitimate users and devices from connecting. The vulnerability is particularly severe as it is exploitable without any credentials and affects a default configuration in the specified versions. Cisco has provided mitigation steps, advising administrators to immediately disable the "Reject RADIUS requests from clients with repeated failures" setting as a temporary workaround.

For a permanent fix, organizations must upgrade affected ISE systems to version 3.4 Patch 4 or a later release; releases before and after the affected range are not vulnerable.