CVE-2024-3596

moderate-risk
Published 2024-07-09

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Do I need to act?

!
15.3% chance of exploitation in next 30 days
EPSS score — higher than 85% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.0/10 Critical
NETWORK / HIGH complexity

Affected Products (4)

Affected Vendors

Broadcom Sonicwall Freeradius

References (17)

Mailing List http://www.openwall.com/lists/oss-security/2024/07/09/4
https://cert-portal.siemens.com/productcert/html/ssa-723487.html
https://cert-portal.siemens.com/productcert/html/ssa-794185.html
Technical Description https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
Technical Description https://datatracker.ietf.org/doc/html/rfc2865
Third Party Advisory https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
Third Party Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
Technical Description https://www.blastradius.fail/
Mailing List http://www.openwall.com/lists/oss-security/2024/07/09/4
Technical Description https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
Technical Description https://datatracker.ietf.org/doc/html/rfc2865
Third Party Advisory https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
Third Party Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
Third Party Advisory https://security.netapp.com/advisory/ntap-20240822-0001/
Third Party Advisory https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-p...
Technical Description https://www.blastradius.fail/
https://www.kb.cert.org/vuls/id/456537
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 13/34 · Low
Exposure 10/34 · Low