9

CVE-2024-3596

Medienbericht

RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreeradiusFreeradius Version < 3.0.27
BroadcomBrocade Sannav Version-
SonicwallSonicos Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.86% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
http://www.openwall.com/lists/oss-security/2024/07/09/4
Mailing List
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
Technical Description
https://datatracker.ietf.org/doc/html/rfc2865
Technical Description
https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
Third Party Advisory
https://www.blastradius.fail/
Technical Description
https://security.netapp.com/advisory/ntap-20240822-0001/
Third Party Advisory
https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-723487.html
https://cert-portal.siemens.com/productcert/html/ssa-794185.html
https://www.kb.cert.org/vuls/id/456537
https://cert-portal.siemens.com/productcert/html/ssa-364175.html
https://cert-portal.siemens.com/productcert/html/ssa-770770.html