CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
certccCNA
---
---
CISA-ADPADP
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
freeradiusfreeradius
𝑥
< 3.0.27
broadcombrocade_sannav
-
broadcomfabric_operating_system
-
sonicwallsonicos
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freeradius
bullseye
postponed
bookworm
no-dsa
bullseye (security)
vulnerable
trixie
3.2.7+dfsg-1
fixed
forky
3.2.8+dfsg-1
fixed
sid
3.2.8+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeradius
plucky
not-affected
oracular
not-affected
noble
Fixed 3.2.5+dfsg-3~ubuntu24.04.1
released
mantic
ignored
jammy
Fixed 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3
released
focal
Fixed 3.0.20+dfsg-3ubuntu0.4
released
bionic
needed
xenial
needed
krb5
plucky
Fixed 1.21.3-4ubuntu1
released
oracular
Fixed 1.21.3-3ubuntu0.1
released
noble
Fixed 1.20.1-6ubuntu2.3
released
jammy
Fixed 1.19.2-2ubuntu0.5
released
focal
Fixed 1.17-6ubuntu4.8
released
bionic
Fixed 1.16-2ubuntu0.4+esm3
released
xenial
Fixed 1.13.2+dfsg-5ubuntu2.2+esm6
released
trusty
Fixed 1.12+dfsg-2ubuntu5.4+esm6
released
libpam-radius-auth
plucky
not-affected
oracular
ignored
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/07/09/4
https://cert-portal.siemens.com/productcert/html/ssa-723487.html
https://cert-portal.siemens.com/productcert/html/ssa-794185.html
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
https://datatracker.ietf.org/doc/html/rfc2865
https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
https://www.blastradius.fail/
http://www.openwall.com/lists/oss-security/2024/07/09/4
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
https://datatracker.ietf.org/doc/html/rfc2865
https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
https://security.netapp.com/advisory/ntap-20240822-0001/
https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
https://www.blastradius.fail/