certfr_avis - certfr-2024-avi-0942

CERTFR-2024-AVI-0942

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits Broadcom. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Broadcom	ASG-S200	ASG-S200 versions antérieures à 7.3.23.1
Broadcom	ASG-S200	ASG-S200 versions antérieures à 7.4.7.1
Broadcom	ASG-S400	ASG-S400 versions antérieures à 7.3.23.1
Broadcom	ASG-S400	ASG-S400 versions antérieures à 7.4.7.1
Broadcom	ASG-S500	ASG-S500 versions antérieures à 7.3.23.1
Broadcom	ASG-S500	ASG-S500 versions antérieures à 7.4.7.1
Broadcom	CAS-S200	CAS-S200 versions antérieures à 7.3.23.1
Broadcom	CAS-S200	CAS-S200 versions antérieures à 7.4.7.1
Broadcom	CAS-S200-A1	CAS-S200-A1 versions antérieures à 7.3.23.1
Broadcom	CAS-S200-A1	CAS-S200-A1 versions antérieures à 7.4.7.1
Broadcom	CAS-S400	CAS-S400 versions antérieures à 7.3.23.1
Broadcom	CAS-S400	CAS-S400 versions antérieures à 7.4.7.1
Broadcom	CAS-S500	CAS-S500 versions antérieures à 7.3.23.1
Broadcom	CAS-S500	CAS-S500 versions antérieures à 7.4.7.1
Broadcom	Content Analysis Software	Content Analysis Software versions antérieures à 7.3.23.1
Broadcom	Content Analysis Software	Content Analysis Software versions antérieures à 7.4.7.1
Broadcom	ISG Content Analysis	ISG Content Analysis versions antérieures à 7.3.23.1
Broadcom	ISG Content Analysis	ISG Content Analysis versions antérieures à 7.4.7.1
Broadcom	ISG Proxy	ISG Proxy versions antérieures à 7.3.23.1
Broadcom	ISG Proxy	ISG Proxy versions antérieures à 7.4.7.1
Broadcom	Management Center	Management Center versions antérieures à 7.3.23.1
Broadcom	Management Center	Management Center versions antérieures à 7.4.7.1
Broadcom	Management Center - VA	Management Center - VA versions antérieures à 7.3.23.1
Broadcom	Management Center - VA	Management Center - VA versions antérieures à 7.4.7.1
Broadcom	MC-S400-20	MC-S400-20 versions antérieures à 7.3.23.1
Broadcom	MC-S400-20	MC-S400-20 versions antérieures à 7.4.7.1
Broadcom	ProxySG Software - SGOS	ProxySG Software - SGOS versions antérieures à 7.3.23.1
Broadcom	ProxySG Software - SGOS	ProxySG Software - SGOS versions antérieures à 7.4.7.1
Broadcom	Reporter	Reporter versions antérieures à 7.3.23.1
Broadcom	Reporter	Reporter versions antérieures à 7.4.7.1
Broadcom	Reporter-S500	Reporter-S500 versions antérieures à 7.3.23.1
Broadcom	Reporter-S500	Reporter-S500 versions antérieures à 7.4.7.1
Broadcom	Reporter-VA	Reporter-VA versions antérieures à 7.3.23.1
Broadcom	Reporter-VA	Reporter-VA versions antérieures à 7.4.7.1
Broadcom	SG-S200	SG-S200 versions antérieures à 7.3.23.1
Broadcom	SG-S200	SG-S200 versions antérieures à 7.4.7.1
Broadcom	SG-S200-40	SG-S200-40 versions antérieures à 7.3.23.1
Broadcom	SG-S200-40	SG-S200-40 versions antérieures à 7.4.7.1
Broadcom	SG-S200-RP	SG-S200-RP versions antérieures à 7.3.23.1
Broadcom	SG-S200-RP	SG-S200-RP versions antérieures à 7.4.7.1
Broadcom	SG-S400	SG-S400 versions antérieures à 7.3.23.1
Broadcom	SG-S400	SG-S400 versions antérieures à 7.4.7.1
Broadcom	SG-S400-RP	SG-S400-RP versions antérieures à 7.3.23.1
Broadcom	SG-S400-RP	SG-S400-RP versions antérieures à 7.4.7.1
Broadcom	SG-S500	SG-S500 versions antérieures à 7.3.23.1
Broadcom	SG-S500	SG-S500 versions antérieures à 7.4.7.1
Broadcom	SG-S500-RP	SG-S500-RP versions antérieures à 7.3.23.1
Broadcom	SG-S500-RP	SG-S500-RP versions antérieures à 7.4.7.1
Broadcom	SSL Visibility Appliance Software	SSL Visibility Appliance Software versions antérieures à 7.3.23.1
Broadcom	SSL Visibility Appliance Software	SSL Visibility Appliance Software versions antérieures à 7.4.7.1
Broadcom	SSP	SSP versions antérieures à 7.3.23.1
Broadcom	SSP	SSP versions antérieures à 7.4.7.1
Broadcom	SSP-S210 PLATFORM	SSP-S210 PLATFORM versions antérieures à 7.3.23.1
Broadcom	SSP-S210 PLATFORM	SSP-S210 PLATFORM versions antérieures à 7.4.7.1
Broadcom	SSP-S410	SSP-S410 versions antérieures à 7.3.23.1
Broadcom	SSP-S410	SSP-S410 versions antérieures à 7.4.7.1
Broadcom	SSP-S410 PLATFORM	SSP-S410 PLATFORM versions antérieures à 7.3.23.1
Broadcom	SSP-S410 PLATFORM	SSP-S410 PLATFORM versions antérieures à 7.4.7.1
Broadcom	SV-1800	SV-1800 versions antérieures à 7.3.23.1
Broadcom	SV-1800	SV-1800 versions antérieures à 7.4.7.1
Broadcom	SV-2800	SV-2800 versions antérieures à 7.3.23.1
Broadcom	SV-2800	SV-2800 versions antérieures à 7.4.7.1
Broadcom	SV-3800	SV-3800 versions antérieures à 7.3.23.1
Broadcom	SV-3800	SV-3800 versions antérieures à 7.4.7.1
Broadcom	SV-800	SV-800 versions antérieures à 7.3.23.1
Broadcom	SV-800	SV-800 versions antérieures à 7.4.7.1
Broadcom	SV-S550	SV-550 versions antérieures à 7.3.23.1
Broadcom	SV-S550	SV-550 versions antérieures à 7.4.7.1

References

Title

Publication Time

Tags

Bulletin de sécurité Broadcom 25157

2024-11-01

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ASG-S200 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "ASG-S200",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ASG-S200 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "ASG-S200",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ASG-S400 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "ASG-S400",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ASG-S400 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "ASG-S400",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ASG-S500 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "ASG-S500",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ASG-S500 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "ASG-S500",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "CAS-S200 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "CAS-S200",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "CAS-S200 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "CAS-S200",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "CAS-S200-A1 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "CAS-S200-A1",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "CAS-S200-A1 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "CAS-S200-A1",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "CAS-S400 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "CAS-S400",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "CAS-S400 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "CAS-S400",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "CAS-S500 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "CAS-S500",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "CAS-S500 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "CAS-S500",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Content Analysis Software versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "Content Analysis Software",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Content Analysis Software versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "Content Analysis Software",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ISG Content Analysis versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "ISG Content Analysis",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ISG Content Analysis  versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "ISG Content Analysis",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ISG Proxy versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "ISG Proxy",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ISG Proxy  versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "ISG Proxy",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Management Center versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "Management Center",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Management Center versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "Management Center",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Management Center - VA versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "Management Center - VA",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Management Center - VA versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "Management Center - VA",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "MC-S400-20 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "MC-S400-20",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "MC-S400-20 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "MC-S400-20",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ProxySG Software - SGOS versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "ProxySG Software - SGOS",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "ProxySG Software - SGOS versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "ProxySG Software - SGOS",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Reporter versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "Reporter",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Reporter versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "Reporter",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Reporter-S500 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "Reporter-S500",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Reporter-S500 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "Reporter-S500",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Reporter-VA versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "Reporter-VA",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Reporter-VA versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "Reporter-VA",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S200 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SG-S200",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S200 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SG-S200",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S200-40 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SG-S200-40",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S200-40 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SG-S200-40",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S200-RP versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SG-S200-RP",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S200-RP versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SG-S200-RP",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S400 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SG-S400",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S400 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SG-S400",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S400-RP versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SG-S400-RP",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S400-RP versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SG-S400-RP",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S500 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SG-S500",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S500 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SG-S500",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S500-RP versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SG-S500-RP",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SG-S500-RP versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SG-S500-RP",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSL Visibility Appliance Software versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SSL Visibility Appliance Software",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSL Visibility Appliance Software versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SSL Visibility Appliance Software",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSP versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SSP",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSP versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SSP",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSP-S210 PLATFORM versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SSP-S210 PLATFORM",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSP-S210 PLATFORM versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SSP-S210 PLATFORM",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSP-S410 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SSP-S410",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSP-S410 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SSP-S410",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSP-S410 PLATFORM versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SSP-S410 PLATFORM",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SSP-S410 PLATFORM versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SSP-S410 PLATFORM",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-1800 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SV-1800",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-1800 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SV-1800",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-2800 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SV-2800",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-2800 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SV-2800",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-3800 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SV-3800",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-3800 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SV-3800",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-800 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SV-800",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-800 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SV-800",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-550 versions ant\u00e9rieures \u00e0 7.3.23.1",
      "product": {
        "name": "SV-S550",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "SV-550 versions ant\u00e9rieures \u00e0 7.4.7.1",
      "product": {
        "name": "SV-S550",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0942",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Broadcom. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Broadcom",
  "vendor_advisories": [
    {
      "published_at": "2024-11-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Broadcom 25157",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25157"
    }
  ]
}

CVE-2024-3596 (GCVE-0-2024-3596)

Vulnerability from cvelistv5 – Published: 2024-07-09 12:02 – Updated: 2025-11-04 17:20

Summary

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Severity ?

9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Assigner

certcc

References

URL

Tags

	https://datatracker.ietf.org/doc/html/rfc2865
	https://datatracker.ietf.org/doc/draft-ietf-radex…
	https://networkradius.com/assets/pdf/radius_and_m…
	https://www.blastradius.fail/
	http://www.openwall.com/lists/oss-security/2024/07/09/4
	https://psirt.global.sonicwall.com/vuln-detail/SN…
	https://cert-portal.siemens.com/productcert/html/…	vendor-advisory
	https://cert-portal.siemens.com/productcert/html/…	vendor-advisory

Impacted products

	Vendor	Product	Version
	IETF	RFC	Affected: 2865

Credits

Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rfc",
            "vendor": "ietf",
            "versions": [
              {
                "status": "affected",
                "version": "2865"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T03:55:37.141738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-04T21:05:25.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:20:52.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
          },
          {
            "url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/html/rfc2865"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.blastradius.fail/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/456537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RFC",
          "vendor": "IETF",
          "versions": [
            {
              "status": "affected",
              "version": "2865"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T17:29:16.788Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc2865"
        },
        {
          "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
        },
        {
          "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
        },
        {
          "url": "https://www.blastradius.fail/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
        },
        {
          "name": "Siemens Security Advisory by Siemens ProductCERT for  SIPROTEC, SICAM and related product",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-794185.html"
        },
        {
          "name": "Siemens Security Advisory by Siemens ProductCERT to SCALANCE, RUGGEDCOM and related products.",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-723487.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.",
      "x_generator": {
        "engine": "VINCE 3.0.4",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2024-3596",
    "datePublished": "2024-07-09T12:02:53.001Z",
    "dateReserved": "2024-04-10T15:09:45.391Z",
    "dateUpdated": "2025-11-04T17:20:52.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-0942

Solutions

CVE-2024-3596 (GCVE-0-2024-3596)

Tags

Sightings

Nomenclature