Vulnerability Description
The RADIUS protocol as specified in RFC 2865 is susceptible to a forgery attack by an attacker positioned on the network path between a RADIUS client (NAS) and server. Such an attacker can modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) into any other response by mounting a chosen-prefix collision attack against the MD5-based Response Authenticator. That value is computed as MD5(Code | ID | Length | RequestAuthenticator | Attributes | Secret), so the shared secret is only an MD5 suffix rather than a key to a MAC. The colliding data is carried in a Proxy-State attribute that the attacker injects into the unauthenticated Access-Request and that the server echoes back in its response; because the secret is a common suffix, the attacker's substitute response hashes to the same Response Authenticator without the secret ever being known. Deployments that do not require the Message-Authenticator attribute (RFC 2869) in Access-Requests and their responses, or that run RADIUS over plain UDP rather than TLS/DTLS, are exposed.
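The two integrity mechanisms contrasted above, as an added worked example: this is the editor's illustration, not code from the CVE entry, from any listed vendor, or from the Blast-RADIUS authors. It implements the RFC 2865 Response Authenticator (MD5 with the secret as a suffix) and the RFC 2869 Message-Authenticator (HMAC-MD5 keyed with the secret), then verifies constructed packets under both the legacy policy and a policy that requires Message-Authenticator. The shared secret, identifier and attributes are constructed sample values; the Proxy-State content is a zero placeholder standing in for the collision blocks, which this example does not compute (the point it demonstrates is that the unsigned request lets an on-path attacker inject that attribute undetected, and that requiring the HMAC closes both the injection and the response-forgery paths).

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 packet codes and the attributes relevant to CVE-2024-3596.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_PROXY_STATE = 1, 33
ATTR_MESSAGE_AUTHENTICATOR = 80  # RFC 2869 section 5.14, 16-byte HMAC-MD5

def encode_attrs(attrs):
    """TLV-encode (type, value) pairs; the length octet includes its 2-byte header."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def decode_attrs(blob):
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        attrs.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return attrs

def response_authenticator(code, ident, request_auth, attrs_blob, secret):
    """RFC 2865 section 3: MD5(Code | ID | Length | RequestAuth | Attributes | Secret).
    The secret is only an MD5 suffix; everything before it, including a reflected
    Proxy-State, is sender-controlled, which is what the chosen-prefix collision targets."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs_blob))
    return hashlib.md5(hdr + request_auth + attrs_blob + secret).digest()

def message_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2869 section 5.14: HMAC-MD5 keyed with the secret over the whole packet,
    with the Message-Authenticator value zeroed and the Request Authenticator in the header."""
    zeroed = [(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    blob = encode_attrs(zeroed)
    hdr = struct.pack("!BBH", code, ident, 20 + len(blob))
    return hmac.new(secret, hdr + request_auth + blob, hashlib.md5).digest()

def build_packet(code, ident, request_auth, attrs, secret, add_message_authenticator):
    attrs = list(attrs)
    if add_message_authenticator:
        attrs.append((ATTR_MESSAGE_AUTHENTICATOR, bytes(16)))
        attrs[-1] = (ATTR_MESSAGE_AUTHENTICATOR,
                     message_authenticator(code, ident, request_auth, attrs, secret))
    blob = encode_attrs(attrs)
    if code == ACCESS_REQUEST:
        auth = request_auth  # random nonce; the secret plays no part in a bare request
    else:
        auth = response_authenticator(code, ident, request_auth, blob, secret)
    return struct.pack("!BBH", code, ident, 20 + len(blob)) + auth + blob

def verify_packet(pkt, request_auth, secret, require_message_authenticator):
    """Server-side check of an Access-Request, or client-side check of a response."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    code, ident = pkt[0], pkt[1]
    auth, blob = pkt[4:20], pkt[20:]
    try:
        attrs = decode_attrs(blob)
    except ValueError:
        return False
    if code == ACCESS_REQUEST:
        request_auth = auth  # the server takes the nonce from the request itself
    elif not hmac.compare_digest(
            auth, response_authenticator(code, ident, request_auth, blob, secret)):
        return False
    macs = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not macs:
        # Legacy policy accepts an unsigned request, or a response guarded only by
        # the MD5 Response Authenticator. Requiring the HMAC closes that gap.
        return not require_message_authenticator
    if len(macs) != 1 or len(macs[0]) != 16:
        return False
    return hmac.compare_digest(
        macs[0], message_authenticator(code, ident, request_auth, attrs, secret))

def demo():
    """Run constructed packets through both policies; returns {(case, required): bool}."""
    secret = b"constructed-shared-secret"  # constructed sample value, not a real deployment
    request_auth, ident, results = os.urandom(16), 7, {}
    for required in (False, True):
        # 1. An on-path attacker appends a Proxy-State to an unsigned Access-Request.
        #    Unless a Message-Authenticator is required the server cannot detect it;
        #    this injection is how collision blocks would reach the server's response.
        req = build_packet(ACCESS_REQUEST, ident, request_auth, [(ATTR_USER_NAME, b"alice")],
                           secret, add_message_authenticator=False)
        extra = encode_attrs([(ATTR_PROXY_STATE, b"\x00" * 32)])  # placeholder, not a collision
        tampered = struct.pack("!BBH", ACCESS_REQUEST, ident, len(req) + len(extra)) + req[4:] + extra
        results[("tampered_request_accepted", required)] = verify_packet(
            tampered, request_auth, secret, required)
        # 2. Flipping Access-Reject to Access-Accept without a collision fails the
        #    Response Authenticator check under either policy.
        reject = build_packet(ACCESS_REJECT, ident, request_auth, [], secret, False)
        results[("naive_forgery_accepted", required)] = verify_packet(
            bytes([ACCESS_ACCEPT]) + reject[1:], request_auth, secret, required)
        # 3. A genuine Access-Accept carrying a Message-Authenticator verifies; the
        #    same packet with its code altered does not.
        accept = build_packet(ACCESS_ACCEPT, ident, request_auth, [], secret, True)
        results[("signed_accept_accepted", required)] = verify_packet(
            accept, request_auth, secret, required)
        results[("tampered_signed_accept_accepted", required)] = verify_packet(
            bytes([ACCESS_REJECT]) + accept[1:], request_auth, secret, required)
    return results
```

Running `demo()` shows the asymmetry that matters operationally: with `require_message_authenticator=False` the tampered request is accepted and only the naive code flip is caught, which is exactly the gap a collision fills; with it set to `True` the unsigned request is rejected outright, so the attacker never gets the Proxy-State reflected. The HMAC is keyed, so a collision on raw MD5 does not transfer to it.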
CVSS Score
9.0 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeRADIUS | FreeRADIUS | < 3.0.27 |
| Broadcom | Brocade SANnav | - |
| Broadcom | Fabric OS | - |
| SonicWall | SonicOS | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/07/09/4 (Mailing List)
- https://cert-portal.siemens.com/productcert/html/ssa-723487.html
- https://cert-portal.siemens.com/productcert/html/ssa-794185.html
- https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ (Technical Description)
- https://datatracker.ietf.org/doc/html/rfc2865 (Technical Description)
- https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf (Third Party Advisory)
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014 (Third Party Advisory)
- https://www.blastradius.fail/ (Technical Description)
- https://security.netapp.com/advisory/ntap-20240822-0001/ (Third Party Advisory)
- https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-p (Third Party Advisory)
FAQ
What is CVE-2024-3596?
CVE-2024-3596, also known as Blast-RADIUS, is a vulnerability with a CVSS score of 9.0 (CRITICAL). The RADIUS protocol as specified in RFC 2865 is susceptible to forgery by an attacker on the network path between a RADIUS client and server, who can modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) into any other response using a chosen-prefix collision attack against the MD5-based Response Authenticator, without knowing the shared secret.
How severe is CVE-2024-3596?
CVE-2024-3596 has been rated CRITICAL with a CVSS base score of 9.0/10. Exploitation requires an attacker who can intercept and modify RADIUS/UDP traffic between a client (NAS) and the server, and the collision must be computed within the client's response timeout. Given that position, the attacker can turn an Access-Reject into an Access-Accept for any user without the shared secret, which bypasses authentication for every device behind that RADIUS deployment, so the issue warrants immediate attention.
Is there a patch for CVE-2024-3596?
Check the references section above for vendor advisories and patch information. Affected products include FreeRADIUS (fixed in 3.0.27 and, in the 3.2.x line, from 3.2.5, which add the require_message_authenticator and limit_proxy_state client settings), Broadcom Brocade SANnav, Broadcom Fabric OS, and SonicWall SonicOS. The protocol-level mitigation common to the vendor fixes is to require the Message-Authenticator attribute (RFC 2869, an HMAC-MD5 keyed with the shared secret) in every Access-Request and in every response to one; it must be enforced on both clients and servers, since a server that merely sends Message-Authenticator does not protect a client that never checks for it. Longer term, the IETF draft listed above deprecates RADIUS over UDP in favour of RADIUS over TLS or DTLS, which removes the dependency on MD5 altogether.