Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2024-3596
Critical
Low
Medium
High
Critical
9.0
CVSS Score
Vulnerability Description
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
H
Privileges Required
N
User Interaction
N
Scope
C
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
90 configuration(s) from 3 vendor(s)
fabric_operating_system
Version:
-
CPE:
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
brocade_sannav
Version:
-
CPE:
cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*
freeradius
Version:
2.2.9
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.9:*:*:*:*:*:*:*
freeradius
Version:
2.2.0
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*
freeradius
Version:
3.0.13
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*
freeradius
Version:
3.0.5
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*
freeradius
Version:
0.2
CPE:
cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*
freeradius
Version:
2.0.5
CPE:
cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*
freeradius
Version:
3.0.14
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*
freeradius
Version:
3.0.17
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.17:*:*:*:*:*:*:*
freeradius
Version:
3.0.23
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.23:*:*:*:*:*:*:*
freeradius
Version:
2.1.4
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
freeradius
Version:
1.1.1
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.1:*:*:*:*:*:*:*
freeradius
Version:
3.0.2
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*
freeradius
Version:
1.0.2
CPE:
cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*
freeradius
Version:
2.1.2
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
freeradius
Version:
3.0.15
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.15:*:*:*:*:*:*:*
freeradius
Version:
3.0.1
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
freeradius
Version:
0.9.3
CPE:
cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*
freeradius
Version:
3.0.25
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.25:*:*:*:*:*:*:*
freeradius
Version:
2.1.3
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
freeradius
Version:
0.3
CPE:
cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*
freeradius
Version:
0.9
CPE:
cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*
freeradius
Version:
3.0.26
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.26:*:*:*:*:*:*:*
freeradius
Version:
3.0.8
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*
freeradius
Version:
3.0.3
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*
freeradius
Version:
2.2.8
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.8:*:*:*:*:*:*:*
freeradius
Version:
0.8.1
CPE:
cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*
freeradius
Version:
2.2.3
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*
freeradius
Version:
2.2.7
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*
freeradius
Version:
2.0.2
CPE:
cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*
freeradius
Version:
3.0.22
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.22:*:*:*:*:*:*:*
freeradius
Version:
0.1
CPE:
cpe:2.3:a:freeradius:freeradius:0.1:*:*:*:*:*:*:*
freeradius
Version:
3.0.10
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*
freeradius
Version:
3.0.12
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*
freeradius
Version:
2.1.7
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
freeradius
Version:
1.1.8
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.8:*:*:*:*:*:*:*
freeradius
Version:
2.1.8
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*
freeradius
Version:
0.9.0
CPE:
cpe:2.3:a:freeradius:freeradius:0.9.0:*:*:*:*:*:*:*
freeradius
Version:
3.0.7
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.7:-:*:*:*:*:*:*
freeradius
Version:
3.0.4
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.4:-:*:*:*:*:*:*
freeradius
Version:
0.6
CPE:
cpe:2.3:a:freeradius:freeradius:0.6:*:*:*:*:*:*:*
freeradius
Version:
2.1.10
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
freeradius
Version:
1.0.4
CPE:
cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
freeradius
Version:
0.7
CPE:
cpe:2.3:a:freeradius:freeradius:0.7:*:*:*:*:*:*:*
freeradius
Version:
0.9.1
CPE:
cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*
freeradius
Version:
2.1.11
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
freeradius
Version:
2.2.10
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.10:*:*:*:*:*:*:*
freeradius
Version:
2.2.2
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*
freeradius
Version:
3.0.16
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.16:*:*:*:*:*:*:*
freeradius
Version:
0.4
CPE:
cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*
freeradius
Version:
2.0.4
CPE:
cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*
freeradius
Version:
3.0.20
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.20:*:*:*:*:*:*:*
freeradius
Version:
1.1.2
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.2:*:*:*:*:*:*:*
freeradius
Version:
0.7.1
CPE:
cpe:2.3:a:freeradius:freeradius:0.7.1:*:*:*:*:*:*:*
freeradius
Version:
2.1.0
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*
freeradius
Version:
2.1.1
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
freeradius
Version:
3.0.18
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.18:*:*:*:*:*:*:*
freeradius
Version:
3.0.19
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.19:*:*:*:*:*:*:*
freeradius
Version:
2.0
CPE:
cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*
freeradius
Version:
2.0.0
CPE:
cpe:2.3:a:freeradius:freeradius:2.0.0:-:*:*:*:*:*:*
freeradius
Version:
1.0.1
CPE:
cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*
freeradius
Version:
3.0.9
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*
freeradius
Version:
0.9.2
CPE:
cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*
freeradius
Version:
2.2.4
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*
freeradius
Version:
0.8
CPE:
cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*
freeradius
Version:
2.1.6
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
freeradius
Version:
2.0.3
CPE:
cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*
freeradius
Version:
0.5
CPE:
cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*
freeradius
Version:
1.1.7
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.7:*:*:*:*:*:*:*
freeradius
Version:
2.1.9
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*
freeradius
Version:
3.0.11
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*
freeradius
Version:
2.1.12
CPE:
cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*
freeradius
Version:
1.1.0
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*
freeradius
Version:
3.0.21
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.21:*:*:*:*:*:*:*
freeradius
Version:
1.0.0
CPE:
cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*
freeradius
Version:
1.0.5
CPE:
cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*
freeradius
Version:
2.2.6
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*
freeradius
Version:
1.1.4
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.4:*:*:*:*:*:*:*
freeradius
Version:
1.1.6
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*
freeradius
Version:
2.0.1
CPE:
cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*
freeradius
Version:
3.0.24
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.24:*:*:*:*:*:*:*
freeradius
Version:
1.1.5
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*
freeradius
Version:
1.0.3
CPE:
cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
freeradius
Version:
3.0.0
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.0:-:*:*:*:*:*:*
freeradius
Version:
2.2.1
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*
freeradius
Version:
2.2.5
CPE:
cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*
freeradius
Version:
3.0.6
CPE:
cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*
freeradius
Version:
1.1.3
CPE:
cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*
sonicos
Version:
-
CPE:
cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:*
This vulnerability affects 90 software configuration(s). Ensure you patch all affected systems.
Microsoft
2024-Jul-CVE-2024-3596
CVE-2024-3596: CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
Severity
Unknown
Released
Oct 11, 2025
Security Update
Oracle
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
References & Resources
-
http://www.openwall.com/lists/oss-security/2024/07/09/4cret@cert.org Mailing List
-
https://cert-portal.siemens.com/productcert/html/ssa-723487.htmlcret@cert.org
-
https://cert-portal.siemens.com/productcert/html/ssa-794185.htmlcret@cert.org
-
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/cret@cert.org Technical Description
-
https://datatracker.ietf.org/doc/html/rfc2865cret@cert.org Technical Description
-
https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdfcret@cert.org Third Party Advisory
-
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014cret@cert.org Third Party Advisory
-
https://www.blastradius.fail/cret@cert.org Technical Description
-
http://www.openwall.com/lists/oss-security/2024/07/09/4af854a3a-2127-422b-91ae-364da2661108 Mailing List
-
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/af854a3a-2127-422b-91ae-364da2661108 Technical Description
-
https://datatracker.ietf.org/doc/html/rfc2865af854a3a-2127-422b-91ae-364da2661108 Technical Description
-
https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdfaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20240822-0001/af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocolaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://www.blastradius.fail/af854a3a-2127-422b-91ae-364da2661108 Technical Description
-
https://www.kb.cert.org/vuls/id/456537af854a3a-2127-422b-91ae-364da2661108
Severity Details
9.0
out of 10.0
Critical
Weakness Type (CWE)
CWE-354
Improper Validation of Integrity Check Value
- Description
- The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
- Exploit Likelihood
- Medium
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- July 09, 2024
