-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2014-051 Title: Cisco RADIUS DoS [1] Version history: 22.05.2014 Initial publication Summary ======= Cisco Identity Services Engine Software (ISE) is an authentication, authorization, and accounting application. Cisco Identity Services Engine (ISE) is prone to a remote denial-of-service vulnerability due to an error in the implementation of deadlock code. An attacker can exploit this issue by sending specially crafted RADIUS accounting packets from two different Network Access Servers (NASs). An attacker can exploit this issue to cause the RADIUS process to hang, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuo56780. CVE numbers: [1] CVE-2014-3276 CVSS Version 2 Scores CVSS2 Base 4 CVSS2 Temporal 3.8 CVSS2 Base Vector AV:N/AC:L/Au:S/C:N/I:N/A:P CVSS2 Temporal VectorE:F/RL:U/RC:C Vulnerable systems ================== Cisco Identity Services Engine Software What can you do? ================ Currently, we are not aware of any vendor-supplied patches. MiMitigating Strategies: Block external access at the network boundary, as much as possible. Deploy network intrusion detection systems to monitor network traffic for malicious activity. What to tell your users? ======================== N/A More information ================ [1] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276 Best regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJTfg6EAAoJEPpzpNLI8SVo28sQALtlbjvOHxShxqSkb4IrP6Sc fpeDlWZNuexsrOjrIa0BIFoqZcIVjlrYOSYqdYsNgAnjB+o0xEDMt/Yl3doo7LJM QpFvo2zkDkfZVxQePLyevlQMvP5I1qpq3SFWLB+T/9B1Cgu4CeVlAb/O/uJ5fM3+ J0GEdjR77Ee4oMX9/V8ff9gRD6kUEIQv/A+JKUv6XQQaZpkHwaFICb+/xD7mRlPp viGkbMJChtPVC8qEWeHnjZmDfj8owzVK9J0QSbSIC0yES2dYr176Pl/9i3zQmkS1 gn7lacX3Ufuy6rce1s2uVglcbxEZEopC8UKtqza6Iu0c8HnpEquuqHkKg55isIP5 x1vV3MkjLse30cgC/pslvDV5B7UOUSi1W5qm5+Ri6z4UZWjiBmW/hqbf80hVLlVX oC2V76YcgYA9DXhfGErvB0A9NokepqL/OSwee2Rnni8kd6VNFD6eXQ9h0gvrYPy/ VL8G0Mg9CEB7d01zdTTdBq8D3vq4cqhFRc7iXwKW86iaYsxut7AxA65TMPmyX7AZ anmg9A3hHaoUjzEiU1zKSORe6MPHHaGaahy1unM+raPsRensE0VYNrFgPXP3Nd1F gWQYIYZfE88PoRkcWSmdeJbYjdhjMbmKsQqJ1Bi+god7rK8WVSa7wV9mnxK1pfF1 4H5vTV2JJqBFePBM4844 =pZvM -----END PGP SIGNATURE-----