CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.
Configurations

Configuration 1

cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*

Configuration 2 (OR of the following)

  • cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*
  • cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:*

History

18 Mar 2025, 16:15

Type: CWE
  Values Added:
  • CWE-328
  • CWE-200

30 Dec 2024, 19:23

Type: CPE
  Values Added:
  • cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*
  • cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*
  • cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
Type: CVSS
  Values Removed: v2 : unknown, v3 : unknown
  Values Added: v2 : unknown, v3 : 9.0
Type: First Time
  Values Added:
  • Freeradius
  • Sonicwall
  • Sonicwall sonicos
  • Broadcom brocade Sannav
  • Broadcom fabric Operating System
  • Broadcom
  • Freeradius freeradius
Type: CWE
  Values Added:
  • CWE-354
  • CWE-924
Type: References (each existing entry replaced by the same URL with a tag added)
  • http://www.openwall.com/lists/oss-security/2024/07/09/4 - Mailing List
  • https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ - Technical Description
  • https://datatracker.ietf.org/doc/html/rfc2865 - Technical Description
  • https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf - Third Party Advisory
  • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014 - Third Party Advisory
  • https://www.blastradius.fail/ - Technical Description
  • https://security.netapp.com/advisory/ntap-20240822-0001/ - Third Party Advisory
  • https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol - Third Party Advisory

21 Nov 2024, 09:29

Type: References
  Values Added:
  • https://security.netapp.com/advisory/ntap-20240822-0001/
  • https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
Type: References (entries removed and re-added unchanged)
  • http://www.openwall.com/lists/oss-security/2024/07/09/4
  • https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
  • https://datatracker.ietf.org/doc/html/rfc2865
  • https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
  • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
  • https://www.blastradius.fail/

23 Jul 2024, 09:15

Type: References
  Values Added:
  • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
Type: Summary
  Values Added:
  • (es) The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) into any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.

09 Jul 2024, 22:15

Type: References
  Values Added:
  • http://www.openwall.com/lists/oss-security/2024/07/09/4

09 Jul 2024, 15:15

Type: References
  • https://www.kb.cert.org/vuls/id/456537 (source: cret@cert.org)

09 Jul 2024, 14:15

Type: References
  Values Added:
  • https://www.kb.cert.org/vuls/id/456537

09 Jul 2024, 12:15

New CVE

Information

Published : 2024-07-09 12:15

Updated : 2025-03-18 16:15

NVD link : CVE-2024-3596

Mitre link : CVE-2024-3596

CVE.ORG link : CVE-2024-3596

Products Affected

broadcom

  • brocade_sannav
  • fabric_operating_system

sonicwall

  • sonicos

freeradius

  • freeradius

CWE
CWE-354

Improper Validation of Integrity Check Value

CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-328

Reversible One-Way Hash