RADIUS protocol vulnerability CVE-2024-3596 and impact on Symantec VIP Enterprise Gateway
24617
16 August 2024
10 July 2024
Dear Symantec VIP customer,
The purpose of this advisory is to inform you of a recently identified vulnerability in the RADIUS protocol that affects the Symantec VIP Enterprise Gateway product. Please read this advisory and follow the instructions below to avoid being impacted by this vulnerability.
Reason for the Notice:
A high severity vulnerability has been found in the RADIUS protocol which affects the Symantec VIP Enterprise Gateway product.
Title: RADIUS Protocol Under RFC2865 Is Vulnerable To Forgery Attacks.
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.
What is the vulnerability?
The RADIUS protocol has a critical issue that affects RADIUS transport over insecure networks, in particular RADIUS over UDP or TCP. The issue enables a man-in-the-middle attacker to forge a valid Access-Accept response to a client request that the RADIUS server has actually denied. In other words, the attacker can turn an Access-Reject into an Access-Accept by inserting a malicious Proxy-State attribute and altering the packet contents. As a result, the attacker can gain access to the protected resources and devices for which the RADIUS client performs authentication.
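The following Python is an added illustration, not code from this advisory or from Symantec: it builds a RADIUS response the way RFC 2865 does, showing that the Response Authenticator is only an unkeyed MD5 over packet bytes plus the shared secret, and then validates a response the way a hardened client does, refusing to trust that MD5 alone and requiring a correct Message-Authenticator attribute (RFC 2869, HMAC-MD5 keyed with the shared secret). The shared secret, Request Authenticator and attributes are constructed sample values; which exact checks the vendor patch enforces is not stated in the advisory and is assumed here.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # RFC 2869 attribute type: HMAC-MD5 over the packet

def build_response(code, ident, request_auth, attrs, secret, with_msg_auth):
    """Build a RADIUS response (constructed sample, not real VIP traffic).
    Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret), a plain
    MD5 whose input includes Proxy-State bytes the network can influence."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    if with_msg_auth:  # append a zeroed Message-Authenticator placeholder
        body += struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    if with_msg_auth:  # keyed HMAC, computed with the attribute value zeroed
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = body[:-16] + mac
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def find_attr(attrs, atype):
    """Return the offset of the first attribute of type atype, or None."""
    pos = 0
    while pos + 2 <= len(attrs):
        if attrs[pos + 1] < 2:
            return None  # malformed length; stop rather than loop forever
        if attrs[pos] == atype:
            return pos
        pos += attrs[pos + 1]
    return None

def verify_response(packet, request_auth, secret, require_msg_auth=True):
    """Validate a response as a client would. With require_msg_auth the MD5
    Response Authenticator alone is never enough: a correct keyed HMAC is required."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    header, resp_auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):
        return False
    pos = find_attr(body, MESSAGE_AUTHENTICATOR)
    if pos is None:
        return not require_msg_auth  # legacy packet: accepted only if policy allows
    if body[pos + 1] != 18:
        return False
    zeroed = body[:pos + 2] + bytes(16) + body[pos + 18:]
    mac = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    return hmac.compare_digest(mac, body[pos + 2:pos + 18])
```

A response without Message-Authenticator is accepted only under the permissive policy; under the strict policy the client rejects it, so an altered packet cannot pass on the MD5 Response Authenticator alone.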
Product and version affected:
Symantec VIP Enterprise Gateway, supported versions 9.11, 9.10 and 9.9.
Impact of reported vulnerability on Symantec VIP Enterprise Gateway:
Symantec VIP uses the RADIUS protocol in the Enterprise Gateway component, which is impacted by this vulnerability.
Solution:
The Symantec VIP product team has analyzed the impact of the vulnerability and has developed a patch to remediate the vulnerability.
The patches for the Enterprise Gateway 9.11, 9.10.x and 9.9.x supported versions for Windows and Linux platforms are available for download under the VIP Manager - Downloads.
The patch is also available for download from the KB article https://knowledge.broadcom.
What you should do:
You should download and install the appropriate patch for your supported version of VIP Enterprise Gateway to avoid being impacted by this vulnerability.
If you have questions, please contact Broadcom Support https://support.broadcom.com/.
Thank you again for your business.