Remote Code Execution Vulnerability in Cisco Identity Services Engine RADIUS Feature

CVE-2023-20243

Summary

A vulnerability exists in the RADIUS message processing feature of Cisco Identity Services Engine (ISE), which could allow unauthenticated remote attackers to interrupt the processing of RADIUS packets. This issue arises from inadequate handling of specific RADIUS accounting requests. An attacker may exploit the vulnerability by transmitting a specially crafted authentication request to a network access device (NAD) utilizing Cisco ISE. This action may lead to the NAD issuing a RADIUS accounting request to Cisco ISE. Alternatively, if an attacker knows the RADIUS shared secret, they could send a crafted RADIUS accounting request directly to Cisco ISE. Exploiting this flaw could cause the RADIUS process to restart unexpectedly, which might lead to authentication and authorization timeouts, blocking legitimate user access. It’s important to note that clients already authenticated would remain unaffected. To restore RADIUS packet processing, a manual restart of the Policy Service Node (PSN) may be necessary.

References