Cisco Identity Services Engine Vulnerability Allows Attackers To...

A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests.

The flaw, tracked as CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a denial-of-service condition that forces unexpected system restarts.

The vulnerability stems from a logic error in the RADIUS configuration that rejects client requests after repeated failures.

Attackers can exploit this by sending specially crafted RADIUS access request messages targeting MAC addresses already flagged as rejected endpoints.

When ISE processes these malicious requests, the system crashes and restarts unexpectedly, disrupting authentication services across the network.

This type of attack requires no authentication credentials, making it particularly dangerous for organizations relying on ISE for network access control and endpoint management.

Cisco ISE versions 3.4.0 through 3.4 Patch 3 are vulnerable by default because the “Reject RADIUS requests from clients with repeated failures” setting is enabled by default in these releases.
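The behaviour described above (Access-Requests that keep arriving for endpoints ISE has already placed in the rejected state) is something a defender can look for in authentication logs while patches are rolled out. The script below is an added example, not Cisco's code or a Cisco-published detection: the log line format is a constructed simplification (not ISE's real syslog schema), the "rejected endpoint" state is modelled as N consecutive REJECT results for one MAC (an assumption), and the version check simply encodes the range the article names, 3.4.0 through 3.4 Patch 3.

```python
"""Defender-side helpers for the ISE RADIUS denial-of-service issue described above.

Added example code. The log format, the sample data and the threshold model
are constructed assumptions, not Cisco's ISE syslog schema or logic.
"""
import re
from collections import defaultdict

# Constructed line format: "<time> <nad-ip> <REQUEST|REJECT|ACCEPT> mac=<MAC>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<nad>\S+)\s+(?P<event>REQUEST|REJECT|ACCEPT)\s+"
    r"mac=(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})$"
)

# Constructed sample: one NAD keeps sending requests for a MAC that has already
# failed three times; a second NAD sends one more; a different MAC succeeds.
SAMPLE_LOG = """\
10:00:01 10.1.1.5 REQUEST mac=AA:BB:CC:00:00:01
10:00:01 10.1.1.5 REJECT mac=AA:BB:CC:00:00:01
10:00:02 10.1.1.5 REQUEST mac=AA:BB:CC:00:00:01
10:00:02 10.1.1.5 REJECT mac=AA:BB:CC:00:00:01
10:00:03 10.1.1.5 REQUEST mac=AA:BB:CC:00:00:01
10:00:03 10.1.1.5 REJECT mac=AA:BB:CC:00:00:01
10:00:04 10.1.1.5 REQUEST mac=AA:BB:CC:00:00:01
10:00:04 10.1.1.5 REQUEST mac=AA:BB:CC:00:00:01
10:00:05 10.1.1.5 REQUEST mac=AA:BB:CC:00:00:01
10:00:05 10.1.1.5 REQUEST mac=AA:BB:CC:00:00:02
10:00:05 10.1.1.5 ACCEPT mac=AA:BB:CC:00:00:02
10:00:06 10.1.1.7 REQUEST mac=AA:BB:CC:00:00:01
"""


def requests_to_rejected_endpoints(lines, failure_threshold=3):
    """Count Access-Requests that arrive for a MAC after it has already
    accumulated `failure_threshold` consecutive rejects, i.e. the state in which
    the 'Reject RADIUS requests from clients with repeated failures' setting is
    refusing that endpoint (assumed model). Returns {(nad, mac): count}."""
    failures = defaultdict(int)      # mac -> consecutive REJECT count
    suspicious = defaultdict(int)    # (nad, mac) -> requests seen while rejected
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue                 # skip blank or unparseable lines
        nad, event, mac = m["nad"], m["event"], m["mac"].upper()
        if event == "REJECT":
            failures[mac] += 1
        elif event == "ACCEPT":
            failures[mac] = 0        # a success clears the rejected state
        elif failures[mac] >= failure_threshold:
            suspicious[(nad, mac)] += 1
    return dict(suspicious)


def alerts(lines, failure_threshold=3, min_requests=2):
    """Return a sorted list of (nad, mac, count) tuples worth alerting on."""
    counts = requests_to_rejected_endpoints(lines, failure_threshold)
    return sorted((nad, mac, n) for (nad, mac), n in counts.items() if n >= min_requests)


# Accepts '3.4.0', '3.4', '3.4 Patch 2', '3.4.0 Patch 1' (constructed parser)
_VERSION = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<rel>\d+))?(?:\s*Patch\s*(?P<patch>\d+))?$",
    re.IGNORECASE,
)


def in_affected_range(version):
    """True if `version` lies in the range the article names:
    3.4.0 through 3.4 Patch 3 (the base release counts as patch 0)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor = int(m["major"]), int(m["minor"])
    patch = int(m["patch"]) if m["patch"] else 0
    return (major, minor) == (3, 4) and patch <= 3


if __name__ == "__main__":
    for nad, mac, n in alerts(SAMPLE_LOG.splitlines()):
        print(f"ALERT: {nad} sent {n} requests for already-rejected endpoint {mac}")
    for v in ("3.4.0", "3.4 Patch 3", "3.4 Patch 4"):
        print(f"{v}: {'in stated affected range' if in_affected_range(v) else 'outside stated range'}")
```

Run against the constructed sample, the detector reports only 10.1.1.5 (three requests for a MAC already in the rejected state), while the single request from 10.1.1.7 stays below the alert floor; tune `failure_threshold` to match the actual ISE setting in your deployment and `min_requests` to your tolerance for retry noise from misconfigured supplicants.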

ISE serves as a central point for network access control, device authentication, and compliance policy enforcement.

When ISE restarts unexpectedly, organizations lose visibility into network activity and may experience authentication failures for legitimate users and devices.

This cascading effect can disrupt business operations across the entire network infrastructure. Cisco has released multiple options to address this threat.

CVE Details

Severity: CRITICAL
Affected Product: Cisco
Attack Vector: Network