First published: Wed Feb 07 2024 (Updated: )
A fundamental design flaw in the RADIUS protocol has been proven to be exploitable, compromising the integrity of the RADIUS Access-Request exchange. The attack allows a malicious actor to modify packets in a way that is indistinguishable to a RADIUS client or server. To succeed, the attacker must be positioned between the client and the server so that they can intercept and alter traffic.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows Server 2008 R2 | | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2012 R2 | | |
| Microsoft Windows 10 | | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows Server 2022 23H2 | | |
| debian/freeradius | <=3.0.21+dfsg-2.2+deb11u1, <=3.2.1+dfsg-4+deb12u1 | 3.2.6+dfsg-3 |
| Microsoft Windows Server | | |
| FreeRADIUS | <3.0.27 | |
| Brocade SANnav | | |
| Broadcom Fabric Operating System | | |
| SonicWALL SonicOS | | |
| F5 BIG-IP Next Central Manager | >=20.2.0 <=20.3.0 | |
| F5 BIG-IP Access Policy Manager | >=17.1.0 <=17.1.1 | 17.1.2417.1.1.4 |
| F5 BIG-IP Access Policy Manager | >=16.1.0 <=16.1.5 | - |
| F5 BIG-IP Access Policy Manager | >=15.1.0 <=15.1.10 | - |
| F5 BIG-IP and BIG-IQ Centralized Management | >=17.1.0 <=17.1.1 | 17.1.2417.1.1.4 |
| F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0 <=16.1.5 | - |
| F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0 <=15.1.10 | - |
| F5 BIG-IP and BIG-IQ Centralized Management | >=8.2.0 <=8.3.0 | |
| F5 F5OS | =1.7.0, >=1.5.1 <=1.5.2 | 1.8.0 |
| F5 F5OS | >=1.6.0 <=1.6.2 | 1.8.0 |
| Microsoft Windows Server 2016 | | |
| Microsoft Windows Server 2019 | | |
| Windows 11 | =23H2 | |
| Windows 11 | =22H2 | |
| Windows 11 | =21H2 | |
| Microsoft Windows Server 2022 | | |
| Fortinet FortiADC | | |
| Fortinet FortiADC | >=7.4.0 <=7.4.5 | |
| Fortinet FortiADC | >=7.2 | |
| Fortinet FortiADC | >=7.1 | |
| Fortinet FortiADC | >=7.0 | |
| Fortinet FortiADC | >=6.2 | |
| Fortinet FortiADC | >=6.1 | |
| Fortinet FortiADC | >=6.0 | |
| Fortinet FortiAnalyzer | | |
| Fortinet FortiAnalyzer | >=7.4.0 <=7.4.5 | |
| Fortinet FortiAnalyzer | >=7.2.0 <=7.2.9 | |
| Fortinet FortiAnalyzer | >=7.0 | |
| Fortinet FortiGuest | | |
| Fortinet FortiGuest | >=1.2.0 <=1.2.1 | |
| Fortinet FortiGuest | >=1.1 | |
| Fortinet FortiGuest | >=1.0 | |
| Fortinet FortiManager | >=7.6.0 <=7.6.1 | |
| Fortinet FortiManager | >=7.4.0 <=7.4.5 | |
| Fortinet FortiManager | >=7.2.0 <=7.2.9 | |
| Fortinet FortiManager | >=7.0 | |
| Fortinet FortiOS IPS Engine | | |
| Fortinet FortiOS IPS Engine | >=7.4.0 <=7.4.5 | |
| Fortinet FortiOS IPS Engine | >=7.2.0 <=7.2.10 | |
| Fortinet FortiOS IPS Engine | >=7.0 | |
| Fortinet FortiOS IPS Engine | >=6.4 | |
| Fortinet FortiProxy | >=7.4.0 <=7.4.5 | |
| Fortinet FortiProxy | >=7.2 | |
| Fortinet FortiProxy | >=7.0 | |
| Fortinet FortiWeb | | |
| Fortinet FortiWeb | >=7.4.0 <=7.4.4 | |
| Fortinet FortiWeb | >=7.2 | |
| Fortinet FortiWeb | >=7.0 | |
Disable the use of RADIUS/UDP and RADIUS/TCP; use RADIUS/TLS or RADIUS/DTLS instead.
CVE-2024-3596 has been categorized as a critical vulnerability affecting RADIUS implementations.
To address CVE-2024-3596, it is recommended to apply the latest security patches provided by your software vendor.
CVE-2024-3596 affects multiple products including Windows Server 2019, Windows 10, Windows Server 2008 R2, and various FreeRADIUS versions.
CVE-2024-3596 is associated with a known exploit that allows attackers to bypass authentication in RADIUS systems.
CVE-2024-3596 was reported by Nadia Heninger from the University of California San Diego.