Cisco Identity Services Engine Denial of Service Vulnerability

2020-06-0316:00:00

tools.cisco.com

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-qNzq39K7 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-qNzq39K7”]

Affected configurations

Vulners

Node

ciscoidentity_services_engine_softwareMatchany

VendorProductVersionCPE
ciscoidentity_services_engine_softwareanycpe:2.3:a:cisco:identity_services_engine_software:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine_software	any	cpe:2.3:a:cisco:identity_services_engine_software:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-qNzq39K7

EPSS

0.002

Percentile

52.6%

JSON

Related for CISCO-SA-ISE-DOS-QNZQ39K7