Network Protection Products Advisory for CVE-2024-3596: RADIUS Protocol Under RFC2865 Is Vulnerable To Forgery Attacks
Summary
ESG, A Division of Broadcom, has investigated CVE-2024-3596, a vulnerability in the RADIUS protocol.
Affected Product(s)
Edge SWG (ProxySG)
- A patch to address this vulnerability will be available in SGOS release 7.3.23.1 and later and 7.4.7.1 and later.
The following products are not vulnerable:
- Management Center
- Content Analysis
- SSL Visibility
- Reporter
- ISG
References
- https://datatracker.ietf.org/doc/html/rfc2865
- https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
- https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
- https://www.blastradius.fail/pdf/radius.pdf