ID

VAR-202203-0870


CVE

CVE-2022-20756


TITLE

Cisco Identity Services Engine  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009357

DESCRIPTION

A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information. Cisco Identity Services Engine (ISE) Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20756 // JVNDB: JVNDB-2022-009357 // VULHUB: VHN-405309 // VULMON: CVE-2022-20756

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.4.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.7.0.356

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:3.0.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.7.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.2.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.6.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:3.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco identity services enginescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco identity services enginescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009357 // NVD: CVE-2022-20756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20756
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20756
value: HIGH

Trust: 1.0

NVD: CVE-2022-20756
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202203-103
value: HIGH

Trust: 0.6

VULHUB: VHN-405309
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20756
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20756
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405309
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20756
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20756
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20756
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405309 // VULMON: CVE-2022-20756 // JVNDB: JVNDB-2022-009357 // CNNVD: CNNVD-202203-103 // NVD: CVE-2022-20756 // NVD: CVE-2022-20756

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-009357 // NVD: CVE-2022-20756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-103

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202203-103

PATCH

title:cisco-sa-ise-dos-JLh9TxBpurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp

Trust: 0.8

title:Cisco Identity Services Engine Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184423

Trust: 0.6

title:Cisco: Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ise-dos-JLh9TxBp

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20756 // JVNDB: JVNDB-2022-009357 // CNNVD: CNNVD-202203-103

EXTERNAL IDS

db:NVDid:CVE-2022-20756

Trust: 3.4

db:JVNDBid:JVNDB-2022-009357

Trust: 0.8

db:CS-HELPid:SB2022030220

Trust: 0.6

db:AUSCERTid:ESB-2022.0891.3

Trust: 0.6

db:CNNVDid:CNNVD-202203-103

Trust: 0.6

db:VULHUBid:VHN-405309

Trust: 0.1

db:VULMONid:CVE-2022-20756

Trust: 0.1

sources: VULHUB: VHN-405309 // VULMON: CVE-2022-20756 // JVNDB: JVNDB-2022-009357 // CNNVD: CNNVD-202203-103 // NVD: CVE-2022-20756

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-dos-jlh9txbp

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20756

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022030220

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0891.3

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20756/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405309 // VULMON: CVE-2022-20756 // JVNDB: JVNDB-2022-009357 // CNNVD: CNNVD-202203-103 // NVD: CVE-2022-20756

SOURCES

db:VULHUBid:VHN-405309
db:VULMONid:CVE-2022-20756
db:JVNDBid:JVNDB-2022-009357
db:CNNVDid:CNNVD-202203-103
db:NVDid:CVE-2022-20756

LAST UPDATE DATE

2024-08-14T15:37:41.224000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405309date:2022-04-14T00:00:00
db:VULMONid:CVE-2022-20756date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-009357date:2023-08-04T05:45:00
db:CNNVDid:CNNVD-202203-103date:2022-04-15T00:00:00
db:NVDid:CVE-2022-20756date:2023-11-07T03:42:51.483

SOURCES RELEASE DATE

db:VULHUBid:VHN-405309date:2022-04-06T00:00:00
db:VULMONid:CVE-2022-20756date:2022-04-06T00:00:00
db:JVNDBid:JVNDB-2022-009357date:2023-08-04T00:00:00
db:CNNVDid:CNNVD-202203-103date:2022-03-02T00:00:00
db:NVDid:CVE-2022-20756date:2022-04-06T19:15:08.220