CVE-2024-3596

CRITICAL

RADIUS Protocol - Forgery

Title source: llm

Description

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Exploits (1)

nomisec SCANNER 7 stars

by alperenugurlu · poc

https://github.com/alperenugurlu/CVE-2024-3596-Detector

View Code ZIP pw:eip

References (11)

[Mailing List] http://www.openwall.com/lists/oss-security/2024/07/09/4

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-723487.html

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-794185.html

[Technical Description] https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/

[Technical Description] https://datatracker.ietf.org/doc/html/rfc2865

[Third Party Advisory] https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf

[Third Party Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014

[Technical Description] https://www.blastradius.fail/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20240822-0001/

[Third Party Advisory] https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/456537

Scores

CVSS v3 9.0

EPSS 0.1367

EPSS Percentile 94.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-924 CWE-354

Status published

Products (4)

broadcom/brocade_sannav

broadcom/fabric_operating_system

freeradius/freeradius < 3.0.27

sonicwall/sonicos

Published Jul 09, 2024

Tracked Since Feb 18, 2026