CVE-2025-20343
BaseFortify
Publication date: 2025-11-05
Last updated on: 2025-11-19
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | identity_services_engine | 3.4.0 |
| cisco | identity_services_engine | 3.4.0 |
| cisco | identity_services_engine | 3.4.0 |
| cisco | identity_services_engine | 3.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-697 | The product compares two entities in a security-relevant context, but the comparison is incorrect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Cisco Identity Services Engine (ISE) RADIUS setting that rejects requests from clients with repeated failures. Due to a logic error, when processing RADIUS access requests for MAC addresses already marked as rejected, an unauthenticated remote attacker can send a specific sequence of crafted RADIUS access request messages that causes Cisco ISE to restart unexpectedly.
How can this vulnerability impact me? :
Exploiting this vulnerability can cause a denial of service (DoS) condition by forcing Cisco ISE to restart unexpectedly. This can disrupt network access control services and potentially impact network availability and security monitoring.