Skip to main content

Identity Services Engine CVE-2022-20937

MEDIUM
Insufficient Resource Pool (CWE-410)
2022-11-04 psirt@cisco.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Nov 04, 2022 - 18:15 nvd
MEDIUM 5.3

DescriptionNVD

A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.

AnalysisAI

A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-410. A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability. Affected products include: Cisco Identity Services Engine.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-20281 CRITICAL POC
10.0 Jun 25

Cisco ISE and ISE-PIC contain a critical input injection vulnerability (CVE-2025-20281, CVSS 10.0) that allows unauthent

CVE-2025-20125 CRITICAL POC
9.1 Feb 05

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to

CVE-2017-6747 CRITICAL
9.8 Aug 07

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, rem

CVE-2025-20282 CRITICAL
10.0 Jun 25

CVE-2025-20282 is a critical remote code execution vulnerability in Cisco ISE and ISE-PIC that allows unauthenticated at

CVE-2025-20286 CRITICAL
9.9 Jun 04

Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.

CVE-2022-20733 CRITICAL
9.8 Jun 15

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacke

CVE-2024-20486 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic

CVE-2024-20368 HIGH
8.8 Apr 03

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic

CVE-2023-20272 HIGH
8.8 Nov 21

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, re

CVE-2023-20175 HIGH
8.8 Nov 01

A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command inje

CVE-2022-20962 HIGH
8.8 Nov 04

A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated

CVE-2022-20961 HIGH
8.8 Nov 04

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic

Share

CVE-2022-20937 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy