Cisco Identity Services Engine (cisco-sa-ise-radsupress-dos-8YF3JThh)

Published: 05 Nov 2025 00:00:00
Reported by: Tenable
Type: nessus
Source: www.tenable.com

A logic error in Cisco Identity Services Engine RADIUS reject handling may allow an unauthenticated attacker to trigger a restart, causing a DoS.

Related

Reporter: Title (Published, Family)

Circl: CVE-2025-20343 (5 Nov 2025 17:09, circl)
Cisco: Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability (5 Nov 2025 16:00, cisco)
CNNVD: Cisco Identity Services Engine security vulnerability (5 Nov 2025 00:00, cnnvd)
CVE: CVE-2025-20343 (5 Nov 2025 16:31, cve)
Cvelist: CVE-2025-20343 Cisco Identity Services Engine Radius Suppression Denial of Service Vulnerability (5 Nov 2025 16:31, cvelist)
EUVD: EUVD-2025-37893 (5 Nov 2025 16:31, euvd)
NCSC: Vulnerability fixed in Cisco Identity Services Engine (6 Nov 2025 12:36, ncsc)
NVD: CVE-2025-20343 (5 Nov 2025 17:15, nvd)
OSV: CVE-2025-20343 (5 Nov 2025 17:15, osv)
Positive Technologies: PT-2025-45128 (5 Nov 2025 00:00, ptsecurity)
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(274062);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");

  script_cve_id("CVE-2025-20343");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwq27605");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ise-radsupress-dos-8YF3JThh");
  script_xref(name:"IAVA", value:"2025-A-0819-S");

  script_name(english:"Cisco Identity Services Engine (cisco-sa-ise-radsupress-dos-8YF3JThh)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco ISE is affected by a vulnerability.

  - A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco
    Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to
    restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS access request
    for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by
    sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful
    exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts.
    (CVE-2025-20343)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8c72440d");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwq27605");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwq27605");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-20343");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(697);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ise_detect.nbin");
  script_require_keys("Host/Cisco/ISE/version");

  exit(0);
}

include('ccf.inc');
include('cisco_ise_func.inc');

var product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');

product_info = strip_fourth_segment(product_info:product_info);

# Affected release train (3.4) and the patch level this check requires (Patch 4)
var vuln_ranges = [
 {'min_ver': '3.4', 'fix_ver': '3.4', 'required_patch': '4'}
];

var required_patch = get_required_patch(vuln_ranges:vuln_ranges, version:product_info['version']);

var reporting = make_array(
  'port'          , 0,
  'severity'      , SECURITY_HOLE,
  'version'       , product_info['version'],
  'bug_id'        , 'CSCwq27605',
  'disable_caveat', TRUE,
  'fix'           , 'See vendor advisory'
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  required_patch:required_patch
);
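
For hosts the scanner cannot reach, the same version-and-patch decision can be made from saved `show version` output. The sketch below is an added example, not Tenable's or Cisco's code; the output layout it parses and the sample text are assumptions, and only the 3.4 / Patch 4 range comes from the plugin above.

```python
import re

# Range taken from the plugin's vuln_ranges entry on this page.
AFFECTED_TRAIN = (3, 4)   # min_ver / fix_ver '3.4'
REQUIRED_PATCH = 4        # required_patch '4'

# Constructed sample of ISE 'show version' output (layout is an assumption).
SAMPLE = """\
Cisco Identity Services Engine
---------------------------------------------
Version      : 3.4.0.608

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 2
"""

def parse_show_version(text):
    """Return ((major, minor), highest_patch) parsed from 'show version' text.

    Assumed layout: a product block with 'Version : a.b.c.d', followed by
    zero or more '... Patch' blocks that each carry 'Version : N'.
    """
    release, patches, in_patch = None, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Cisco Identity Services Engine"):
            in_patch = line.endswith("Patch")   # which block are we in?
            continue
        m = re.match(r"Version\s*:\s*([\d.]+)$", line)
        if not m:
            continue
        parts = m.group(1).split(".")
        if in_patch:
            patches.append(int(parts[0]))
        elif release is None and len(parts) >= 2:
            release = (int(parts[0]), int(parts[1]))
    if release is None:
        raise ValueError("no ISE version line found")
    return release, max(patches, default=0)     # no patch block means patch 0

def needs_patch(text):
    """True when the host is on the affected train below the required patch."""
    release, patch = parse_show_version(text)
    return release == AFFECTED_TRAIN and patch < REQUIRED_PATCH
```

Release trains other than 3.4 return False here only because the plugin lists no other range; consult the Cisco advisory for their status.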

Scores as of 30 Apr 2026 00:00 (current):
Vulners AI Score: 7.3 (High risk)
CVSS 3.1: 7.5 - 8.6
EPSS: 0.0055