Vulnerability Details : CVE-2024-3596
Potential exploit
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Products affected by CVE-2024-3596
- cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-3596
1.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-3596
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
N/A
|
N/A
|
Cisco:cisco-sa-radius-spoofing-july-2024-87cCDwZ3 | 2024-07-11 |
|
9.0
|
CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
2.2
|
6.0
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-03-18 |
|
9.0
|
CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
2.2
|
6.0
|
NIST | 2024-12-30 |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/... |
N/A
|
N/A
|
MS-CVE-2024-3596 | 2024-07-09 |
|
9.0
|
CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
N/A
|
N/A
|
RedHat-CVE-2024-3596 | 2024-07-09 |
CWE ids for CVE-2024-3596
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
-
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
-
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
-
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2024-3596
-
https://www.kb.cert.org/vuls/id/456537
VU#456537 - RADIUS protocol susceptible to forgery attacks.
-
https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
Blast RADIUS | Inkbridge NetworksThird Party Advisory
-
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
draft-ietf-radext-deprecating-radius-01 - Deprecating Insecure Practices in RADIUSTechnical Description
-
https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20240822-0001/
Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/07/09/4
oss-security - CVE-2024-3596: RADIUS/UDP vulnerable to improved MD5 collision attackMailing List
-
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
Security AdvisoryThird Party Advisory
-
https://datatracker.ietf.org/doc/html/rfc2865
RFC 2865 - Remote Authentication Dial In User Service (RADIUS)Technical Description
-
https://www.blastradius.fail/
BLAST RADIUSTechnical Description
Jump to