RADIUS protocol vulnerability CVE-2024-3596 and impact on Symantec Advanced Authentication

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)


24618

12 August 2024

10 July 2024

Dear Symantec Advanced Authentication customer,

The purpose of this advisory is to inform you of a recently identified vulnerability in the RADIUS protocol that affects the Symantec Advanced Authentication product. Please read this advisory and follow the instructions below to avoid being impacted by this vulnerability.

Reason for the Notice:

A high severity vulnerability has been found in the RADIUS protocol that affects the Symantec Advanced Authentication product.

CVE-2024-3596

Title: RADIUS Protocol Under RFC2865 Is Vulnerable To Forgery Attacks.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

What is the vulnerability?

The RADIUS protocol has a critical weakness that affects RADIUS transport over insecure networks, in particular RADIUS over UDP or TCP. It allows a man-in-the-middle attacker to forge a valid-looking Access-Accept response to a client request that the RADIUS server has actually denied: the attacker turns the server's Access-Reject into an Access-Accept by using a malicious Proxy-State attribute and altering the packet contents, while the MD5 Response Authenticator still verifies. As a result, the attacker can gain access to the protected resources and devices for which the RADIUS client performs authentication.
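To make the check named above concrete, here is an added Python example (not code from this advisory or from the Symantec product) that builds a RADIUS response with the RFC 2865 MD5 Response Authenticator, shows the client-side verification of that authenticator, and additionally flags Proxy-State attributes the client never sent. The shared secret and Request Authenticator are constructed sample values, and the Proxy-State check is an illustrative heuristic, not a fix for CVE-2024-3596.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
PROXY_STATE = 33  # RFC 2865 attribute type; the server echoes it back verbatim

def build_response(code, ident, request_auth, attrs, secret):
    """Build a RADIUS response packet and its RFC 2865 Response Authenticator:
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def parse_attrs(body):
    """Split the attribute section into (type, value) pairs, rejecting bad lengths."""
    attrs = []
    while body:
        t, l = body[0], body[1]
        if l < 2 or l > len(body):
            raise ValueError("malformed attribute")
        attrs.append((t, body[2:l]))
        body = body[l:]
    return attrs

def check_response(packet, request_auth, secret, sent_proxy_state=False):
    """Client-side checks on a received response.
    1. Recompute the MD5 Response Authenticator over the packet bytes and the
       shared secret (this is the check a chosen-prefix collision can satisfy).
    2. Heuristic (assumption, not from the advisory): flag Proxy-State attributes
       the client did not send, since the described attack hides bytes in one."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        return "malformed"
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return "bad-authenticator"
    attrs = parse_attrs(packet[20:])
    if not sent_proxy_state and any(t == PROXY_STATE for t, _ in attrs):
        return "unexpected-proxy-state"
    names = {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject", ACCESS_CHALLENGE: "challenge"}
    return names.get(code, "unknown")
```

The MD5 authenticator check detects naive tampering such as flipping the Code byte, but it is exactly the check the collision attack defeats, which is why the vendor patch, not this check, is the remediation.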

 

Product and version affected: 

Symantec Advanced Authentication versions: 9.1, 9.1.01, 9.1.02, 9.1.03, 9.1.04, 9.1.5

Impact of reported vulnerability on Symantec Advanced Authentication:

Symantec Advanced Authentication uses the RADIUS protocol in the Strong Authentication RADIUS server, which is impacted by this vulnerability.

Solution:

The Symantec Advanced Authentication product team has analyzed the impact of the vulnerability and developed a patch to remediate it. Advanced Authentication patches for versions 9.1.0, 9.1.01, 9.1.02, 9.1.03, 9.1.04 and 9.1.5 are available for download from the Broadcom Support Download Center.

What you should do:

You should download and install the appropriate patch for your supported version of Advanced Authentication from the Broadcom Support Download Center to avoid being impacted by this vulnerability.

If you have questions, please contact Broadcom Support at https://support.broadcom.com/.

Thank you again for your business.