CVE-2024-3596

EUVD-2024-32175
The RADIUS protocol as specified in RFC 2865 is susceptible to forgery by an on-path attacker (one positioned to intercept and modify traffic between a RADIUS client and server, which is what "local attacker" means here) who can convert any valid response (Access-Accept, Access-Reject, or Access-Challenge) into any other response using a chosen-prefix collision attack against the MD5-based Response Authenticator. The Response Authenticator is MD5 over the packet with the shared secret appended as a suffix, not a keyed MAC or signature, which is what makes the collision attack applicable. The issue is publicly known as "Blast-RADIUS". The practical mitigations are to require the Message-Authenticator attribute (RFC 2869, HMAC-MD5 keyed with the shared secret) on every packet, on both client and server, and to carry RADIUS over TLS or DTLS (RadSec) rather than plain UDP.
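The two integrity constructions at issue, as an added example that is not code from this page, from FreeRADIUS, or from any vendor listed below: the RFC 2865 Response Authenticator (plain MD5 over header, Request Authenticator, attributes and the shared secret as a suffix) beside the RFC 2869 Message-Authenticator (HMAC-MD5 keyed with the secret). The block does not compute an MD5 collision (that requires a chosen-prefix collision tool); it shows the construction the collision targets, that a naive Code flip by an on-path attacker fails both checks, and that a response carrying no Message-Authenticator passes the legacy check but fails the hardened one. The shared secret, Request Authenticator, identifier and attribute values are constructed sample data; every function and constant name is the example's own.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (RFC 2865); attribute types Reply-Message, Proxy-State,
# and Message-Authenticator (RFC 2869). Constants named by this example.
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
REPLY_MESSAGE, PROXY_STATE, MESSAGE_AUTHENTICATOR = 18, 33, 80
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def encode_attrs(attrs):
    """Serialise [(type, value), ...] as RFC 2865 TLVs; the Length octet covers the 2-byte header."""
    out = b""
    for t, v in attrs:
        if len(v) > 253:
            raise ValueError("attribute value too long")
        out += bytes([t, len(v) + 2]) + v
    return out


def decode_attrs(data):
    """Parse the attribute region into [(type, value), ...], rejecting truncated or short TLVs."""
    attrs, i = [], 0
    while i < len(data):
        length = data[i + 1] if i + 1 < len(data) else 0
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + length]))
        i += length
    return attrs


def header(code, ident, attrs):
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(encode_attrs(attrs)))


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 section 3: MD5(Code | ID | Length | RequestAuth | Attributes | Secret).
    The secret is only a suffix, and the attributes include client-chosen bytes the server
    echoes back (Proxy-State). Attribute bytes that make the Reject-prefixed and the
    Accept-prefixed inputs collide in MD5 still collide once the secret is appended, so
    the forged Accept carries a valid authenticator. That is the forgery the CVE describes."""
    msg = header(code, ident, attrs) + request_auth + encode_attrs(attrs) + secret
    return hashlib.md5(msg).digest()


def message_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2869 section 5.14: HMAC-MD5 keyed with the shared secret over the packet, with the
    Message-Authenticator value zeroed while computing. A keyed HMAC is not defeated by an
    MD5 collision, which is why requiring this attribute is the fix."""
    zeroed = [(t, b"\x00" * 16 if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    msg = header(code, ident, zeroed) + request_auth + encode_attrs(zeroed)
    return hmac.new(secret, msg, hashlib.md5).digest()


def build_response(code, ident, request_auth, attrs, secret, with_message_authenticator=True):
    """Server side: fill in Message-Authenticator first, since the Response Authenticator covers it."""
    attrs = list(attrs)
    if with_message_authenticator:
        attrs.append((MESSAGE_AUTHENTICATOR, b"\x00" * 16))
        attrs[-1] = (MESSAGE_AUTHENTICATOR, message_authenticator(code, ident, request_auth, attrs, secret))
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return header(code, ident, attrs) + auth + encode_attrs(attrs)


def _parse(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < HEADER_LEN:
        raise ValueError("bad length")
    return code, ident, packet[4:20], decode_attrs(packet[HEADER_LEN:])


def verify_response_authenticator(packet, request_auth, secret):
    """The RFC 2865 check on its own: what a client that does not require Message-Authenticator does."""
    try:
        code, ident, auth, attrs = _parse(packet)
    except (ValueError, struct.error):
        return False
    return hmac.compare_digest(auth, response_authenticator(code, ident, request_auth, attrs, secret))


def verify_message_authenticator(packet, request_auth, secret):
    """Hardened check: exactly one 16-byte Message-Authenticator must be present and valid.
    A missing attribute is a reject; otherwise stripping it downgrades the client to MD5 only."""
    try:
        code, ident, _, attrs = _parse(packet)
    except (ValueError, struct.error):
        return False
    present = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(present) != 1 or len(present[0]) != 16:
        return False
    return hmac.compare_digest(present[0], message_authenticator(code, ident, request_auth, attrs, secret))


def demo():
    """Constructed sample exchange; a real client takes request_auth from its own Access-Request."""
    secret, request_auth, ident = b"constructed-shared-secret", bytes(range(16)), 42
    attrs = [(REPLY_MESSAGE, b"denied"), (PROXY_STATE, b"client-chosen-and-echoed")]
    reject = build_response(ACCESS_REJECT, ident, request_auth, attrs, secret)
    reject_no_ma = build_response(ACCESS_REJECT, ident, request_auth, attrs, secret, False)
    naive_forgery = bytes([ACCESS_ACCEPT]) + reject[1:]  # on-path edit of the Code byte only

    def check(p):
        return (verify_response_authenticator(p, request_auth, secret),
                verify_message_authenticator(p, request_auth, secret))

    return {"legit": check(reject), "legit_without_ma": check(reject_no_ma), "naive_forgery": check(naive_forgery)}


if __name__ == "__main__":
    for name, (md5_ok, hmac_ok) in demo().items():
        print(f"{name:18s} ResponseAuthenticator={md5_ok}  MessageAuthenticator={hmac_ok}")
```

The `legit_without_ma` row is the one that matters operationally: a client that only runs the RFC 2865 check accepts it, a client that requires Message-Authenticator does not, and only the latter policy closes the collision path. The fixed FreeRADIUS releases expose `require_message_authenticator` and `limit_proxy_state` settings for exactly this; the longer-term answer is RadSec, which takes MD5 out of the trust path entirely.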
Provider | Type    | Base Score   | Atk. Vector | Atk. Complexity | Priv. Required | Vector
---------|---------|--------------|-------------|-----------------|----------------|-------
NIST     | Primary | 9.0 CRITICAL | NETWORK     | HIGH            | NONE           | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADP | ADP     | 9.0 CRITICAL | NETWORK     | HIGH            | NONE           | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score (CVSS 3.x): 9.0
EPSS: percentile 95%
Affected Products (NVD)
Vendor     | Product                 | Version
-----------|-------------------------|---------------------------
freeradius | freeradius              | < 3.0.27 (vulnerable)
broadcom   | brocade_sannav          | -
broadcom   | fabric_operating_system | -
sonicwall  | sonicos                 | -
Windows Releases
Platform                | Version
------------------------|--------------------------------------------------------------------------------------
Windows 10              | (x64, x86), 1607 (x64, x86), 1809 (x64, x86), 21H2 (arm64, x64, x86), 22H2 (arm64, x64, x86)
Windows 11              | 21H2 (arm64, x64), 22H2 (arm64, x64), 23H2 (arm64, x64)
Windows Server 2008     | Service Pack 2 (x64, x86), Service Pack 2 Server Core (x64, x86)
Windows Server 2008 R2  | Service Pack 1 (x64), Service Pack 1 Server Core (x64)
Windows Server 2012     | Server Core, Standard
Windows Server 2012 R2  | Server Core, Standard
Windows Server 2016     | Server Core, Standard
Windows Server 2019     | Server Core, Standard
Windows Server 2022     | 23H2 Server Core, Server Core, Standard
Debian Releases
Debian Product | Codename            | Fixed version          | Status
---------------|---------------------|------------------------|-----------
freeradius     | bookworm            | -                      | no-dsa
freeradius     | bullseye            | -                      | postponed
freeradius     | bullseye (security) | -                      | vulnerable
freeradius     | forky               | 3.2.8+dfsg-1           | fixed
freeradius     | sid                 | 3.2.8+dfsg-1           | fixed
freeradius     | trixie              | 3.2.7+dfsg-1+deb13u1   | fixed
Ubuntu Releases
Ubuntu Product     | Codename | Fixed version                                        | Status
-------------------|----------|------------------------------------------------------|--------------
freeradius         | bionic   | -                                                    | needed
freeradius         | focal    | 3.0.20+dfsg-3ubuntu0.4                               | released
freeradius         | jammy    | 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3     | released
freeradius         | mantic   | -                                                    | ignored
freeradius         | noble    | 3.2.5+dfsg-3~ubuntu24.04.1                           | released
freeradius         | oracular | -                                                    | not-affected
freeradius         | plucky   | -                                                    | not-affected
freeradius         | questing | -                                                    | not-affected
freeradius         | xenial   | -                                                    | needed
krb5               | bionic   | 1.16-2ubuntu0.4+esm3                                 | released
krb5               | focal    | 1.17-6ubuntu4.8                                      | released
krb5               | jammy    | 1.19.2-2ubuntu0.5                                    | released
krb5               | noble    | 1.20.1-6ubuntu2.3                                    | released
krb5               | oracular | 1.21.3-3ubuntu0.1                                    | released
krb5               | plucky   | 1.21.3-4ubuntu1                                      | released
krb5               | questing | 1.21.3-4ubuntu1                                      | released
krb5               | trusty   | 1.12+dfsg-2ubuntu5.4+esm6                            | released
krb5               | xenial   | 1.13.2+dfsg-5ubuntu2.2+esm6                          | released
libpam-radius-auth | bionic   | -                                                    | needs-triage
libpam-radius-auth | focal    | -                                                    | needs-triage
libpam-radius-auth | jammy    | -                                                    | needs-triage
libpam-radius-auth | noble    | -                                                    | needs-triage
libpam-radius-auth | oracular | -                                                    | ignored
libpam-radius-auth | plucky   | -                                                    | not-affected
libpam-radius-auth | questing | -                                                    | not-affected
libpam-radius-auth | trusty   | -                                                    | needs-triage
libpam-radius-auth | xenial   | -                                                    | needs-triage