ID

VAR-202211-0372


CVE

CVE-2022-20937


TITLE

Resource exhaustion vulnerability in Cisco Systems Cisco Identity Services Engine (ISE)

Trust: 0.8

sources: JVNDB: JVNDB-2022-022871

DESCRIPTION

A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability. Cisco Systems Cisco Identity Services Engine (ISE) contains a resource exhaustion vulnerability. The affected device may be left in a service operation interruption (DoS) state.

Trust: 1.71

sources: NVD: CVE-2022-20937 // JVNDB: JVNDB-2022-022871 // VULHUB: VHN-405490

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: lt, version: 2.7.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.0.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.1

Trust: 1.0

vendor: Cisco Systems, model: cisco identity services engine, scope: eq, version: 2.7.0

Trust: 0.8

vendor: Cisco Systems, model: cisco identity services engine, scope: eq, version: 3.1

Trust: 0.8

vendor: Cisco Systems, model: cisco identity services engine, scope: eq, version: 3.0.0

Trust: 0.8

vendor: Cisco Systems, model: cisco identity services engine, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022871 // NVD: CVE-2022-20937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20937
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20937
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20937
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2104
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-20937
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2022-20937
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022871 // CNNVD: CNNVD-202211-2104 // NVD: CVE-2022-20937 // NVD: CVE-2022-20937

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-410

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405490 // JVNDB: JVNDB-2022-022871 // NVD: CVE-2022-20937

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2104

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202211-2104

PATCH

title: cisco-sa-ise-sec-atk-dos-zw5RCUYp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp

Trust: 0.8

title: Cisco Identity Services Engine Remediation of resource management error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213289

Trust: 0.6

sources: JVNDB: JVNDB-2022-022871 // CNNVD: CNNVD-202211-2104

EXTERNAL IDS

db: NVD, id: CVE-2022-20937

Trust: 3.3

db: JVNDB, id: JVNDB-2022-022871

Trust: 0.8

db: CNNVD, id: CNNVD-202211-2104

Trust: 0.6

db: VULHUB, id: VHN-405490

Trust: 0.1

sources: VULHUB: VHN-405490 // JVNDB: JVNDB-2022-022871 // CNNVD: CNNVD-202211-2104 // NVD: CVE-2022-20937

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-sec-atk-dos-zw5rcuyp

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-20937

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-sec-atk-dos-zw5rcuyp

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-20937/

Trust: 0.6

sources: VULHUB: VHN-405490 // JVNDB: JVNDB-2022-022871 // CNNVD: CNNVD-202211-2104 // NVD: CVE-2022-20937

SOURCES

db: VULHUB, id: VHN-405490
db: JVNDB, id: JVNDB-2022-022871
db: CNNVD, id: CNNVD-202211-2104
db: NVD, id: CVE-2022-20937

LAST UPDATE DATE

2024-08-14T14:55:09.448000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405490, date: 2022-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-022871, date: 2023-11-21T03:30:00
db: CNNVD, id: CNNVD-202211-2104, date: 2022-11-08T00:00:00
db: NVD, id: CVE-2022-20937, date: 2024-01-25T17:15:20.310

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405490, date: 2022-11-04T00:00:00
db: JVNDB, id: JVNDB-2022-022871, date: 2023-11-21T00:00:00
db: CNNVD, id: CNNVD-202211-2104, date: 2022-11-04T00:00:00
db: NVD, id: CVE-2022-20937, date: 2022-11-04T18:15:11.040