July 10, 2024

Threat Level: Critical

Threat: RADIUS Protocol Spoofing Vulnerability (CVE-2024-3596)

SUMMARY

On July 9, 2024, security researchers publicly disclosed the following vulnerability in the RADIUS protocol (the attack is referred to as Blast-RADIUS in the CERT coordination note linked below):

CVE-2024-3596: RADIUS as specified in RFC 2865 is susceptible to forgery by an on-path attacker, that is, one positioned between the RADIUS client (the NAS) and the RADIUS server. Such an attacker can convert any valid response (Access-Accept, Access-Reject, or Access-Challenge) into any other response by mounting a chosen-prefix collision attack against the MD5-based Response Authenticator. The Response Authenticator is an unkeyed MD5 hash over the response header, the Request Authenticator, the attributes and the shared secret; because it is a plain hash rather than a keyed MAC, MD5's known collision weaknesses apply to it. The practical consequence is that an Access-Reject can be turned into an Access-Accept, granting network access without valid credentials.

Any RADIUS client or server may be affected. The attack applies to RADIUS carried over UDP (or TCP) where the authentication method is not EAP (for example PAP, CHAP or MS-CHAP) and the Message-Authenticator attribute (RFC 2869) is not required on responses; EAP exchanges already mandate Message-Authenticator, and RADIUS over TLS or DTLS does not expose the packet to modification by an on-path attacker.
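
As an added example (not part of the original advisory or of any vendor's code), the following Python shows the two authenticators involved and the check that mitigates the attack: the unkeyed MD5 Response Authenticator of RFC 2865 that the collision targets, and the HMAC-MD5 Message-Authenticator of RFC 2869 that a hardened client can require on every response. The shared secret, the Request Authenticator and the response attributes are constructed for the example, and the chosen-prefix collision itself is not reproduced; the point demonstrated is that a flipped response code invalidates the HMAC, which an on-path attacker cannot recompute without the secret, and that a client requiring the attribute rejects responses that omit it.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (RFC 2865 section 3) and the Message-Authenticator
# attribute type (RFC 2869 section 5.14).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
MESSAGE_AUTHENTICATOR = 80
REPLY_MESSAGE = 18
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)

# Constructed values for this example; a real client draws a fresh random
# 16-byte Request Authenticator for every Access-Request.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))


def encode_attrs(attrs):
    """Serialise [(type, value)] into RADIUS TLV attributes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    """Parse RADIUS TLV attributes; raises ValueError on a malformed one."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_response(code, ident, request_auth, attrs, secret, add_ma=True):
    """Build an Access-Accept/Reject/Challenge as a server would.

    With add_ma, a Message-Authenticator is included: HMAC-MD5 keyed with the
    shared secret over the packet, computed with the Request Authenticator in
    the authenticator field and the attribute value zeroed (RFC 2869). The
    Response Authenticator is then the unkeyed MD5 of RFC 2865 over
    Code + ID + Length + RequestAuth + Attributes + Secret.
    """
    attrs = [a for a in attrs if a[0] != MESSAGE_AUTHENTICATOR]
    if add_ma:
        attrs.append((MESSAGE_AUTHENTICATOR, b"\x00" * 16))
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    if add_ma:
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        attrs[-1] = (MESSAGE_AUTHENTICATOR, mac)
        body = encode_attrs(attrs)
    response_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + response_auth + body


def response_authenticator_ok(pkt, request_auth, secret):
    """The RFC 2865 check every RADIUS client performs on a response."""
    if len(pkt) < HEADER_LEN or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    expected = hashlib.md5(pkt[:4] + request_auth + pkt[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, pkt[4:HEADER_LEN])


def message_authenticator_ok(pkt, request_auth, secret):
    """True only if exactly one Message-Authenticator is present and valid."""
    if len(pkt) < HEADER_LEN:
        return False
    try:
        attrs = decode_attrs(pkt[HEADER_LEN:])
    except ValueError:
        return False
    macs = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(macs) != 1 or len(macs[0]) != 16:
        return False
    zeroed = encode_attrs(
        [(t, b"\x00" * 16 if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    )
    expected = hmac.new(secret, pkt[:4] + request_auth + zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, macs[0])


def client_accepts(pkt, request_auth, secret, require_ma):
    """A legacy client checks only the Response Authenticator; a hardened client
    also refuses any response lacking a valid Message-Authenticator."""
    if not response_authenticator_ok(pkt, request_auth, secret):
        return False
    if require_ma and not message_authenticator_ok(pkt, request_auth, secret):
        return False
    return True


def demo():
    """Run the checks on constructed packets and return the outcomes."""
    reject = build_response(ACCESS_REJECT, 7, REQUEST_AUTH,
                            [(REPLY_MESSAGE, b"denied")], SECRET, add_ma=True)
    # On-path attacker flips Access-Reject to Access-Accept. The real attack
    # also repairs the Response Authenticator through an MD5 collision (not
    # reproduced here); the HMAC cannot be repaired without the secret.
    forged = bytes([ACCESS_ACCEPT]) + reject[1:]
    # A server that still omits Message-Authenticator on its responses.
    no_ma = build_response(ACCESS_REJECT, 8, REQUEST_AUTH,
                           [(REPLY_MESSAGE, b"denied")], SECRET, add_ma=False)
    return {
        "legit_hardened": client_accepts(reject, REQUEST_AUTH, SECRET, require_ma=True),
        "forged_code": forged[0],
        "forged_ma_ok": message_authenticator_ok(forged, REQUEST_AUTH, SECRET),
        "no_ma_legacy": client_accepts(no_ma, REQUEST_AUTH, SECRET, require_ma=False),
        "no_ma_hardened": client_accepts(no_ma, REQUEST_AUTH, SECRET, require_ma=True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hardened path is what "require Message-Authenticator" means in practice: the server must add the attribute to every Access-Accept, Access-Reject and Access-Challenge, and the client must refuse responses without it. Enabling the client-side requirement before the servers emit the attribute causes legitimate responses to be dropped, so the two sides have to be upgraded together.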

SEVERITY

5ironCyber considers this a serious threat.

ACTIONS

  • Cisco reports no workarounds for this vulnerability in its products. The CERT coordination note linked below describes the protocol-level mitigations: require the Message-Authenticator attribute in all Access-Request packets and in all Access-Accept, Access-Reject and Access-Challenge responses, on both clients and servers, and where possible carry RADIUS over TLS or DTLS rather than plain UDP.
  • Cisco is investigating its product line to determine which products may be affected by this vulnerability and the impact on each affected product.
  • Cisco will be updating the advisory referenced in the links below as more information becomes available.

SOURCES

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofing-july-2024-87cCDwZ
  • https://www.kb.cert.org/vuls/id/456537