Network Protection Products Advisory for CVE-2024-3596: RADIUS Protocol Under RFC2865 Is Vulnerable To Forgery Attacks

Products: ASG-S200 (33 more products)

Advisory ID: 25157

Published: 01 November 2024

Updated: 01 November 2024

Status: OPEN

Severity: CRITICAL

CVSS Score: 9.0

CVE Identifier: CVE-2024-3596

Summary

ESG, A Division of Broadcom, has investigated CVE-2024-3596 (Blast-RADIUS), a vulnerability in the RADIUS protocol as specified in RFC 2865. The Response Authenticator that a RADIUS server places on Access-Accept, Access-Reject and Access-Challenge packets is an unkeyed MD5 hash of the packet with the shared secret appended. An attacker positioned on the network path between a RADIUS client and server can use an MD5 chosen-prefix collision to turn an Access-Reject into an Access-Accept that the client validates, without knowing the shared secret. Non-EAP authentication methods (such as PAP, CHAP and MS-CHAP) carried over RADIUS/UDP or RADIUS/TCP are affected when the Message-Authenticator attribute is not required on responses; EAP exchanges already require Message-Authenticator and are not affected.
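As an added illustration (not code from the advisory, from SGOS, or from any RADIUS implementation) of the check behind this advisory: the Response Authenticator that RFC 2865 defines for Access-Accept and Access-Reject packets is an unkeyed MD5 over the packet with the shared secret appended, which is what CVE-2024-3596 (Blast-RADIUS) attacks with an MD5 chosen-prefix collision. The Message-Authenticator attribute of RFC 2869 is an HMAC-MD5 keyed with the secret, which a collision cannot produce, so a client that refuses responses lacking a valid Message-Authenticator closes the forgery path. The example builds both values with the Python standard library and compares a legacy client policy with a hardened one; the shared secret, identifier and user name are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_MESSAGE_AUTHENTICATOR = 1, 80
HDR_LEN = 20  # Code(1) Identifier(1) Length(2) Authenticator(16)

def encode_attrs(attrs):
    """[(type, value)] -> RFC 2865 section 5 TLV bytes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data):
    """TLV bytes -> [(type, value)], rejecting malformed lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs

def response_authenticator(code, ident, request_auth, body, secret):
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    Unkeyed MD5 with the secret appended: the value a Blast-RADIUS attacker
    matches with an MD5 chosen-prefix collision instead of with the secret."""
    header = struct.pack("!BBH", code, ident, HDR_LEN + len(body))
    return hashlib.md5(header + request_auth + body + secret).digest()

def message_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2869 section 5.14: HMAC-MD5(secret, packet) with the Message-Authenticator
    value zero-filled; responses use the Request Authenticator in the header."""
    zeroed = encode_attrs([(t, b"\x00" * 16 if t == ATTR_MESSAGE_AUTHENTICATOR else v)
                           for t, v in attrs])
    header = struct.pack("!BBH", code, ident, HDR_LEN + len(zeroed))
    return hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()

def build_request(ident, request_auth, attrs):
    """Access-Request carrying a fresh random 16-byte Request Authenticator."""
    body = encode_attrs(attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, HDR_LEN + len(body)) + request_auth + body

def build_response(code, request, secret, attrs, with_message_authenticator):
    """Server side. with_message_authenticator=False mirrors an RFC 2865-only server;
    a Blast-RADIUS forgery has exactly this shape (built here with the real secret
    only so the script runs stand-alone)."""
    ident, request_auth, attrs = request[1], request[4:20], list(attrs)
    if with_message_authenticator:
        attrs.insert(0, (ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16))
        attrs[0] = (ATTR_MESSAGE_AUTHENTICATOR,
                    message_authenticator(code, ident, request_auth, attrs, secret))
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, HDR_LEN + len(body))
    return header + response_authenticator(code, ident, request_auth, body, secret) + body

def verify_response(response, request, secret, require_message_authenticator):
    """Client side. Legacy mode trusts the MD5 Response Authenticator alone (the
    CVE-2024-3596 exposure); hardened mode also demands a valid keyed
    Message-Authenticator, which a collision cannot supply."""
    if len(response) < HDR_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        return False
    request_auth, body = request[4:20], response[HDR_LEN:]
    if not hmac.compare_digest(response_authenticator(code, ident, request_auth, body, secret),
                               response[4:20]):
        return False
    if not require_message_authenticator:
        return True
    try:
        attrs = decode_attrs(body)
    except ValueError:
        return False
    mas = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if len(mas) != 1 or len(mas[0]) != 16:
        return False
    return hmac.compare_digest(message_authenticator(code, ident, request_auth, attrs, secret), mas[0])

def demo(secret=b"constructed-demo-secret"):
    """Verdicts of both client policies on a genuine reply, a reply without a
    Message-Authenticator, and a Reject whose code was flipped to Accept."""
    request = build_request(7, os.urandom(16), [(ATTR_USER_NAME, b"alice")])
    good = build_response(ACCESS_ACCEPT, request, secret, [], True)
    no_ma = build_response(ACCESS_ACCEPT, request, secret, [], False)
    flipped = bytes([ACCESS_ACCEPT]) + build_response(ACCESS_REJECT, request, secret, [], False)[1:]
    return {
        "good_legacy": verify_response(good, request, secret, False),
        "good_hardened": verify_response(good, request, secret, True),
        "no_ma_legacy": verify_response(no_ma, request, secret, False),
        "no_ma_hardened": verify_response(no_ma, request, secret, True),
        "flipped_legacy": verify_response(flipped, request, secret, False),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The no_ma response passes the legacy policy and fails the hardened one: that gap is the attack surface, since a Blast-RADIUS attacker delivers a packet of that shape with a colliding Response Authenticator and no knowledge of the secret. Requiring Message-Authenticator on every response is the short-term mitigation the Blast-RADIUS paper and the referenced IETF draft both call for; the check above is a minimal version of it, and the secret-keyed HMAC is also why EAP exchanges, which already mandate the attribute, are not affected.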

Affected Product(s)

Edge SWG (ProxySG)

  • A patch for this vulnerability will be available in SGOS 7.3.23.1 and later, and in 7.4.7.1 and later.

The following products are not vulnerable:

  • Management Center
  • Content Analysis
  • SSL Visibility
  • Reporter
  • ISG

References

  • RFC 2865, Remote Authentication Dial In User Service (RADIUS): https://datatracker.ietf.org/doc/html/rfc2865
  • IETF draft, Deprecating Insecure Practices in RADIUS: https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
  • NetworkRADIUS, RADIUS and MD5 Collisions: https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
  • Blast-RADIUS paper, RADIUS/UDP Considered Harmful: https://www.blastradius.fail/pdf/radius.pdf