Identity Services Engine
CVE-2025-20343
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly.
This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts.
AnalysisAI
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-697. A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts. Affected products include: Cisco Identity Services Engine.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Identity Services Engine
View allCisco ISE and ISE-PIC contain a critical input injection vulnerability (CVE-2025-20281, CVSS 10.0) that allows unauthent
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, rem
CVE-2025-20282 is a critical remote code execution vulnerability in Cisco ISE and ISE-PIC that allows unauthenticated at
Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacke
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, re
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command inje
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic
Same weakness CWE-697 – Incorrect Comparison
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today