CVE-2023-20243 (identity_services_engine)

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.

This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS …

access accounting a network attacker authentication cisco cve engine exploit feature handling identity identity services engine ise message network network access packets radius request requests services system unauthenticated vulnerability