- Vulnerability/
- CVE-2024-3596
CWE
328 200 924 354
7/2/2024
9/7/2024
9/7/2024
13/8/2024
9/9/2024
4/2/2025
6/3/2025
CVE-2024-3596: RADIUS Protocol CVE-2024-3596
First published: Wed Feb 07 2024(Updated: )
A fundamental design flaw within the RADIUS protocol has been proven to be exploitable, compromising the integrity in the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that would be indistinguishable to a RADIUS client or server. To be successful, the attacker must have the ability to inject themselves between the client and server.
Credit: cret@cert.org cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | ||
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows Server 2022 23H2 | ||
| debian/freeradius | <=3.0.21+dfsg-2.2+deb11u1<=3.2.1+dfsg-4+deb12u1 | 3.2.6+dfsg-3 |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| FreeRADIUS | <3.0.27 | |
| Brocade SANnav | ||
| Broadcom Fabric Operating System | ||
| SonicWALL SonicOS | ||
| F5 BIG-IP Next Central Manager | >=20.2.0<=20.3.0 | |
| F5 BIG-IP Access Policy Manager | >=17.1.0<=17.1.1 | 17.1.2417.1.1.4 |
| F5 BIG-IP Access Policy Manager | >=16.1.0<=16.1.5 | - |
| F5 BIG-IP Access Policy Manager | >=15.1.0<=15.1.10 | - |
| F5 BIG-IP and BIG-IQ Centralized Management | >=17.1.0<=17.1.1 | 17.1.2417.1.1.4 |
| F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0<=16.1.5 | - |
| F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0<=15.1.10 | - |
| F5 BIG-IP and BIG-IQ Centralized Management | >=8.2.0<=8.3.0 | |
| F5 F5OS | =1.7.0>=1.5.1<=1.5.2 | 1.8.0 |
| F5 F5OS | >=1.6.0<=1.6.2 | 1.8.0 |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2019 | ||
| Windows 11 | =23H2 | |
| Windows 11 | =22H2 | |
| Windows 11 | =22H2 | |
| Windows 11 | =21H2 | |
| Windows 11 | =21H2 | |
| Windows 11 | =23H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2022 | ||
| Fortinet FortiADC | =. | |
| Fortinet FortiADC | >=7.4.0<=7.4.5 | |
| Fortinet FortiADC | >=7.2 | |
| Fortinet FortiADC | >=7.1 | |
| Fortinet FortiADC | >=7.0 | |
| Fortinet FortiADC | >=6.2 | |
| Fortinet FortiADC | >=6.1 | |
| Fortinet FortiADC | >=6.0 | |
| Fortinet FortiAnalyzer | =. | |
| Fortinet FortiAnalyzer | >=7.4.0<=7.4.5 | |
| Fortinet FortiAnalyzer | >=7.2.0<=7.2.9 | |
| Fortinet FortiAnalyzer | >=7.0 | |
| Fortinet FortiGuest | =. | |
| Fortinet FortiGuest | >=1.2.0<=1.2.1 | |
| Fortinet FortiGuest | >=1.1 | |
| Fortinet FortiGuest | >=1.0 | |
| Fortinet FortiManager | >=7.6.0<=7.6.1 | |
| Fortinet FortiManager | >=7.4.0<=7.4.5 | |
| Fortinet FortiManager | >=7.2.0<=7.2.9 | |
| Fortinet FortiManager | >=7.0 | |
| Fortinet FortiOS IPS Engine | =. | |
| Fortinet FortiOS IPS Engine | >=7.4.0<=7.4.5 | |
| Fortinet FortiOS IPS Engine | >=7.2.0<=7.2.10 | |
| Fortinet FortiOS IPS Engine | >=7.0 | |
| Fortinet FortiOS IPS Engine | >=6.4 | |
| Fortinet FortiProxy | >=7.4.0<=7.4.5 | |
| Fortinet FortiProxy | >=7.2 | |
| Fortinet FortiProxy | >=7.0 | |
| Fortinet FortiWeb | =. | |
| Fortinet FortiWeb | >=7.4.0<=7.4.4 | |
| Fortinet FortiWeb | >=7.2 | |
| Fortinet FortiWeb | >=7.0 |
Remedy
Disable the use of RADIUS/UDP and RADIUS/TCP - instead RADIUS/TLS or RADIUS/DTLS should be used.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3596 (Advisory)
- https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/
- https://www.theregister.com/2024/07/10/radius_critical_vulnerability/
- https://datatracker.ietf.org/doc/html/rfc2865
- https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
- https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
- https://www.blastradius.fail/
- http://www.openwall.com/lists/oss-security/2024/07/09/4
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
- https://nvd.nist.gov/vuln/detail/CVE-2024-3596
- https://launchpad.net/bugs/cve/CVE-2024-3596
- https://security-tracker.debian.org/tracker/CVE-2024-3596
- https://ubuntu.com/security/CVE-2024-3596
- https://kb.cert.org/vuls/id/456537
- https://www.openwall.com/lists/oss-security/2024/07/09/4
- https://blog.cloudflare.com/radius-udp-vulnerable-md5-attack/
- https://github.com/proftpd/proftpd/issues/1840
- https://access.redhat.com/errata/RHSA-2024:4826
- https://access.redhat.com/errata/RHSA-2024:4828
- https://access.redhat.com/errata/RHSA-2024:4829
- https://access.redhat.com/errata/RHSA-2024:4874
- https://access.redhat.com/errata/RHSA-2024:4913
- https://access.redhat.com/errata/RHSA-2024:4912
- https://access.redhat.com/errata/RHSA-2024:4911
- https://access.redhat.com/errata/RHSA-2024:4936
- https://access.redhat.com/errata/RHSA-2024:4935
- https://access.redhat.com/errata/RHSA-2024:8461
- https://access.redhat.com/errata/RHSA-2024:8577
- https://access.redhat.com/errata/RHSA-2024:8789
- https://access.redhat.com/errata/RHSA-2024:8791
- https://access.redhat.com/errata/RHSA-2024:8788
- https://access.redhat.com/errata/RHSA-2024:8794
- https://access.redhat.com/errata/RHSA-2024:8792
- https://access.redhat.com/errata/RHSA-2024:8860
- https://access.redhat.com/errata/RHSA-2024:9474
- https://access.redhat.com/errata/RHSA-2024:9547
- https://access.redhat.com/errata/RHSA-2024:10135
- https://access.redhat.com/errata/RHSA-2024:11109
- https://bugzilla.redhat.com/show_bug.cgi?id=2263240
- https://security.netapp.com/advisory/ntap-20240822-0001/
- https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
- https://my.f5.com/manage/s/article/K000141008
- https://www.fortiguard.com/psirt/cvrf/FG-IR-24-255
- https://www.fortiguard.com/psirt/FG-IR-24-255
Frequently Asked Questions
What is the severity of CVE-2024-3596?
CVE-2024-3596 has been categorized as a critical vulnerability affecting RADIUS implementations.
How do I fix CVE-2024-3596?
To address CVE-2024-3596, it is recommended to apply the latest security patches provided by your software vendor.
Which products are affected by CVE-2024-3596?
CVE-2024-3596 affects multiple products including Windows Server 2019, Windows 10, Windows Server 2008 R2, and various FreeRADIUS versions.
Is there a known exploit for CVE-2024-3596?
Yes, CVE-2024-3596 is associated with a known exploit that allows attackers to bypass authentication in RADIUS systems.
When was CVE-2024-3596 reported?
CVE-2024-3596 was reported by Nadia Heninger from the University of California San Diego.
- agent/type
- collector/msrc
- source/Microsoft
- collector/msrc-cve
- agent/software-canonical-lookup
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-3596
- collector/oss-sec
- source/oss-sec
- collector/the-register
- source/The Register
- agent/author
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/f5-advisory
- source/F5
- collector/fortiguard-psirt-latest
- source/FortiGuard
- agent/source
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/trending
- agent/softwarecombine
- agent/tags
- agent/event
- collector/fortiguard-psirt
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/21h2
- canonical/microsoft windows server 2008 r2
- version/microsoft windows 10/22h2
- canonical/microsoft windows server 2012 r2
- version/microsoft windows 10/1607
- version/microsoft windows 10/1809
- canonical/microsoft windows server 2022 23h2
- package-manager/debian
- canonical/microsoft windows server
- vendor/freeradius
- canonical/freeradius
- vendor/broadcom
- canonical/brocade sannav
- canonical/broadcom fabric operating system
- vendor/sonicwall
- canonical/sonicwall sonicos
- vendor/f5
- canonical/f5 big-ip next central manager
- version/f5 big-ip next central manager/20.2.0
- version/f5 big-ip next central manager/20.3.0
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/17.1.0
- version/f5 big-ip access policy manager/17.1.1
- version/f5 big-ip access policy manager/16.1.0
- version/f5 big-ip access policy manager/16.1.5
- version/f5 big-ip access policy manager/15.1.0
- version/f5 big-ip access policy manager/15.1.10
- canonical/f5 big-ip and big-iq centralized management
- version/f5 big-ip and big-iq centralized management/17.1.0
- version/f5 big-ip and big-iq centralized management/17.1.1
- version/f5 big-ip and big-iq centralized management/16.1.0
- version/f5 big-ip and big-iq centralized management/16.1.5
- version/f5 big-ip and big-iq centralized management/15.1.0
- version/f5 big-ip and big-iq centralized management/15.1.10
- version/f5 big-ip and big-iq centralized management/8.2.0
- version/f5 big-ip and big-iq centralized management/8.3.0
- canonical/f5 f5os
- version/f5 f5os/1.7.0
- version/f5 f5os/1.5.1
- version/f5 f5os/1.5.2
- version/f5 f5os/1.6.0
- version/f5 f5os/1.6.2
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019
- canonical/windows 11
- version/windows 11/23h2
- version/windows 11/22h2
- version/windows 11/21h2
- canonical/microsoft windows server 2022
- vendor/fortinet
- canonical/fortinet fortiadc
- version/fortinet fortiadc/.
- version/fortinet fortiadc/7.4.0
- version/fortinet fortiadc/7.4.5
- version/fortinet fortiadc/7.2
- version/fortinet fortiadc/7.1
- version/fortinet fortiadc/7.0
- version/fortinet fortiadc/6.2
- version/fortinet fortiadc/6.1
- version/fortinet fortiadc/6.0
- canonical/fortinet fortianalyzer
- version/fortinet fortianalyzer/.
- version/fortinet fortianalyzer/7.4.0
- version/fortinet fortianalyzer/7.4.5
- version/fortinet fortianalyzer/7.2.0
- version/fortinet fortianalyzer/7.2.9
- version/fortinet fortianalyzer/7.0
- canonical/fortinet fortiguest
- version/fortinet fortiguest/.
- version/fortinet fortiguest/1.2.0
- version/fortinet fortiguest/1.2.1
- version/fortinet fortiguest/1.1
- version/fortinet fortiguest/1.0
- canonical/fortinet fortimanager
- version/fortinet fortimanager/7.6.0
- version/fortinet fortimanager/7.6.1
- version/fortinet fortimanager/7.4.0
- version/fortinet fortimanager/7.4.5
- version/fortinet fortimanager/7.2.0
- version/fortinet fortimanager/7.2.9
- version/fortinet fortimanager/7.0
- canonical/fortinet fortios ips engine
- version/fortinet fortios ips engine/.
- version/fortinet fortios ips engine/7.4.0
- version/fortinet fortios ips engine/7.4.5
- version/fortinet fortios ips engine/7.2.0
- version/fortinet fortios ips engine/7.2.10
- version/fortinet fortios ips engine/7.0
- version/fortinet fortios ips engine/6.4
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/7.4.0
- version/fortinet fortiproxy/7.4.5
- version/fortinet fortiproxy/7.2
- version/fortinet fortiproxy/7.0
- canonical/fortinet fortiweb
- version/fortinet fortiweb/.
- version/fortinet fortiweb/7.4.0
- version/fortinet fortiweb/7.4.4
- version/fortinet fortiweb/7.2
- version/fortinet fortiweb/7.0