Cisco Bug: CSCun25815 - ISE 1.2 marks DCs as 'Dead' while doing a 'CAPILdapFetch'
Jun 10, 2016
- Cisco Identity Services Engine
Known Affected Releases
Symptoms: A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service. The vulnerability is due to improper handling of PAP authentication requests when ISE is configured with an authorization policy based on Active Directory group membership. An attacker could exploit this vulnerability by crafting a special but formally correct PAP authentication request that triggers the issue. An exploit could allow the attacker to cause all subsequent authentication requests for the same Active Directory domain to fail.
Conditions: ISE is configured with an authorization policy based on Active Directory group membership, with AD attribute retrieval and check configured.