A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests.
The flaw, tracked as CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a denial-of-service condition that forces unexpected system restarts.
The vulnerability stems from a logic error in the RADIUS configuration that rejects client requests after repeated failures.
Attackers can exploit this by sending specially crafted RADIUS access request messages targeting MAC addresses already flagged as rejected endpoints.
Cisco Identity Services Engine Vulnerability
When ISE processes these malicious requests, the system crashes and restarts unexpectedly, disrupting authentication services across the network.
This type of attack requires no authentication credentials, making it particularly dangerous for organizations relying on ISE for network access control and endpoint management.
Cisco ISE versions 3.4.0 through 3.4 Patch 3 are vulnerable by default because the “Reject RADIUS requests from clients with repeated failures” setting is enabled by default in these releases.
| CVE ID | Product | Affected Versions | CVSS v3.1 Score | Vulnerability Type |
|---|---|---|---|---|
| CVE-2024-20399 | Cisco ISE | 3.4.0, 3.4 P1, 3.4 P2, 3.4 P3 | 7.5 | Denial of Service (DoS) |
ISE serves as a central point for network access control, device authentication, and compliance policy enforcement.
When ISE restarts unexpectedly, organizations lose visibility into network activity and may experience authentication failures for legitimate users and devices.
This cascading effect can disrupt business operations across the entire network infrastructure.
Cisco has released multiple options to address this threat.
Organizations can immediately turn off the vulnerable RADIUS setting in the administration console. However, Cisco recommends re-enabling it once systems are patched.
ISE version 3.4 systems should be upgraded to Patch 4 or later. Notably, earlier versions (3.3 and below) and newer releases (3.5+) are not affected by this issue.
Administrators should check their ISE configuration at Administration > System > Settings > Protocols > RADIUS to verify their current status.
The vulnerability only affects systems with the repeated failures rejection setting enabled, so disabling it provides temporary protection while upgrades are planned.
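The advisory's exposure test reduces to two facts: whether the node runs a 3.4 release at Patch 3 or below, and whether the "Reject RADIUS requests from clients with repeated failures" setting is enabled. The script below, an added example that is not Cisco's code or part of the original article, encodes that test so it can be run against every node in an inventory. The ERS endpoint path (`/ers/config/op/systemconfig/iseversion`, port 9060) and the JSON shape it returns are assumptions based on the ERS version-lookup operation and should be verified against your deployment; the sample response embedded in the block is constructed. The state of the RADIUS setting is passed in by the caller, since the article gives only the GUI path (Administration > System > Settings > Protocols > RADIUS) for checking it.

```python
"""Classify Cisco ISE nodes against the affected range named in the advisory
above (3.4.0 through 3.4 Patch 3, fixed in 3.4 Patch 4; 3.3 and below and
3.5+ not affected) and the state of the repeated-failures rejection setting.

Added example, not Cisco's code. The ERS endpoint and response layout in
fetch_version_info() are assumptions; SAMPLE_VERSION_RESPONSE is constructed.
"""
import base64
import json
import ssl
import urllib.request
from typing import Tuple

# Affected range as the advisory states it.
AFFECTED_MAJOR_MINOR = (3, 4)
LAST_AFFECTED_PATCH = 3
FIXED_PATCH = 4

# Constructed sample of an ERS "iseversion" reply (assumed shape):
# a 3.4 node at Patch 2.
SAMPLE_VERSION_RESPONSE = json.dumps({
    "OperationResult": {
        "resultValue": [
            {"value": "3.4.0.608", "name": "version"},
            {"value": "2", "name": "patch information"},
        ]
    }
})


def fetch_version_info(host: str, user: str, password: str,
                       verify_tls: bool = True) -> str:
    """Fetch the version/patch document from a node's ERS API (assumed path).

    Not exercised offline; shown so the helpers below have a realistic source.
    """
    url = f"https://{host}:9060/ers/config/op/systemconfig/iseversion"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={
        "Accept": "application/json",
        "Authorization": f"Basic {token}",
    })
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab nodes with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return resp.read().decode()


def parse_version_response(body: str) -> Tuple[str, int]:
    """Return (version_string, patch_level) from the (assumed) ERS reply.

    An unpatched node reports an empty "patch information" value.
    """
    data = json.loads(body)
    fields = {item["name"]: item["value"]
              for item in data["OperationResult"]["resultValue"]}
    patch_raw = str(fields.get("patch information", "")).strip()
    return fields["version"], (int(patch_raw) if patch_raw else 0)


def is_affected_release(version: str, patch: int) -> bool:
    """True when version/patch falls inside the advisory's affected range."""
    major, minor = (int(p) for p in version.split(".")[:2])
    if (major, minor) != AFFECTED_MAJOR_MINOR:
        return False            # 3.3 and below, 3.5 and above: not affected
    return patch <= LAST_AFFECTED_PATCH


def assess(body: str, reject_repeated_failures_enabled: bool) -> dict:
    """Combine release range and setting state into an exposure verdict."""
    version, patch = parse_version_response(body)
    affected = is_affected_release(version, patch)
    exposed = affected and reject_repeated_failures_enabled
    if exposed:
        action = (f"Disable the repeated-failures rejection setting now, "
                  f"upgrade to 3.4 Patch {FIXED_PATCH} or later, then re-enable it")
    elif affected:
        action = f"Setting already off; upgrade to 3.4 Patch {FIXED_PATCH} or later"
    else:
        action = "Release not in the affected range"
    return {"version": version, "patch": patch,
            "affected_release": affected, "exposed": exposed, "action": action}


if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_VERSION_RESPONSE, True), indent=2))
```

Running the block as-is evaluates the constructed sample (a 3.4 node at Patch 2 with the setting enabled) and reports it as exposed with the interim mitigation; point `fetch_version_info()` at real nodes and feed each reply to `assess()` together with the setting state read from the RADIUS settings page to get the same verdict per node.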
