Cisco RADIUS server crashable with remote requests


Denial of service attack stops user authentication.

Cisco has patched a flaw that could be abused to crash the Remote Authentication Dial-In User Service (RADIUS) feature of its Identity Services Engine, preventing user logins.


Cisco said the vulnerability is rated as high, and is due to improper handling of certain RADIUS requests.

Attackers could exploit the vulnerability simply by attempting to authenticate against a Cisco ISE RADIUS server, which would crash it and stop the processing of further login requests.

Cisco did not provide further detail on which particular RADIUS requests are able to crash the service.

Crashed RADIUS processes require a restart of the affected node, Cisco said in its security advisory.

The RADIUS client-server protocol is widely used by internet providers and enterprises to authenticate remote users and keep billing records.

Cisco ISE versions 2.6P5 and later, 2.7P2 and onwards, 3.0 and 3.1 are vulnerable, with fixed software releases now available.

Separately, Cisco also patched software for another vulnerability rated as high, affecting its Ultra Cloud Core.

Authenticated local attackers could escalate their privileges via vulnerable Subscriber Microservices Infrastructure (SMI) software, versions 2020.02.2, 2020.02.6 and 2020.02.7.

Users running Cisco's TelePresence Video Communication Server are advised to patch against a vulnerability in its web-based management interface.

While rated "critical", the vulnerability can only be exploited by authenticated remote attackers with read and write privileges.

They're able to write files and run arbitrary code at the privilege level of the root superuser, which has full access to all parts of the system, due to insufficient validation of user-supplied command arguments.

Cisco's Expressway is also vulnerable, and users are advised to upgrade to software version 14.0.5.

Copyright © iTnews.com.au. All rights reserved.