Cyber Resilience

CVE-2024-3596

Severity: Critical (updated)
Published: 09 July 2024
Modified: 12 May 2026
KEV Added: not listed
Patch:
CVSS Score (v3.1): 9.0, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score: 0.2216 (95.9th percentile)
Risk Priority: 31 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-3596 is a critical-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability in FreeRADIUS (vendor: freeradius, product: freeradius). Its CVSS base score is 9.0 (Critical).

Operationally, it ranks in the top 4.1% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability affects the RADIUS protocol as defined in RFC 2865, where the MD5-based Response Authenticator signature is susceptible to chosen-prefix collision attacks. This allows forgery of any valid response packet, including Access-Accept, Access-Reject, or Access-Challenge messages, without knowledge of the shared secret.

An attacker positioned to observe or intercept RADIUS traffic can exploit the issue to alter response contents, potentially granting unauthorized access, denying service, or manipulating authentication flows. The CVSS 9.0 score reflects a network attack vector, high attack complexity, a changed scope (S:C), and high impact on confidentiality, integrity, and availability.

Published references include an IETF draft on deprecating RADIUS, Siemens product security advisories, and the original RFC 2865 specification, pointing practitioners toward protocol migration and updated implementations. The associated EPSS score reached a peak of 0.2432 with a current value of 0.2216, indicating measurable post-disclosure interest that warrants monitoring.

Vulnerability details

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
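The analysis above and the NVD description both hinge on how a RADIUS response is authenticated, so as an added illustration (not code from this record, from NVD, or from the FreeRADIUS project) the Python below implements the two integrity checks the RADIUS RFCs define for a response: the Response Authenticator of RFC 2865 §3, an unkeyed MD5 over the packet with the shared secret appended, which is the value the described chosen-prefix collision targets, and the Message-Authenticator attribute of RFC 2869 §5.14 (type 80), an HMAC-MD5 keyed with the secret. The receiver-side check a practitioner wants is `accept_response`, which treats a response as authentic only when it carries a Message-Authenticator that verifies; responses that omit it, as a legacy server would send, are rejected. The shared secret, request authenticator, identifier and attribute values are constructed sample data, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (RFC 2865 §3) and attribute types (RFC 2865 §5.18, RFC 2869 §5.14).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
REPLY_MESSAGE = 18
MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def encode_attrs(attrs):
    """Encode (type, value) pairs as RADIUS type-length-value attributes."""
    out = b""
    for t, v in attrs:
        if len(v) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", t, 2 + len(v)) + v
    return out


def parse_attrs(attrs):
    """Walk the TLV list and return (type, value, offset_of_value); rejects bad lengths."""
    i, parsed = 0, []
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        t, length = attrs[i], attrs[i + 1]
        if length < 2 or i + length > len(attrs):
            raise ValueError("bad attribute length")
        parsed.append((t, attrs[i + 2:i + length], i + 2))
        i += length
    return parsed


def _message_authenticator_offset(attrs):
    """Offset of the single 16-byte Message-Authenticator value, or None if absent or malformed."""
    found = [off for t, v, off in parse_attrs(attrs) if t == MESSAGE_AUTHENTICATOR and len(v) == 16]
    return found[0] if len(found) == 1 else None


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 §3: MD5(Code | ID | Length | RequestAuth | Attributes | Secret).
    Plain MD5 with the secret only as a trailing suffix: the whole prefix is attacker-visible,
    which is why a chosen-prefix collision on MD5 carries over to this value."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def message_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2869 §5.14: HMAC-MD5 keyed with the shared secret over the packet, with the
    Message-Authenticator value zeroed while computing. For a response the Authenticator
    field in the input is the Request Authenticator of the matching Access-Request."""
    off = _message_authenticator_offset(attrs)
    if off is None:
        raise ValueError("attributes must carry exactly one Message-Authenticator")
    zeroed = attrs[:off] + bytes(16) + attrs[off + 16:]
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()


def build_response(code, ident, request_auth, attrs, secret, with_message_authenticator=True):
    """Assemble a response; with_message_authenticator=False models a legacy server that
    relies on the Response Authenticator alone."""
    if with_message_authenticator:
        attrs = attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))]
    raw = encode_attrs(attrs)
    if with_message_authenticator:
        off = _message_authenticator_offset(raw)
        raw = raw[:off] + message_authenticator(code, ident, request_auth, raw, secret) + raw[off + 16:]
    resp_auth = response_authenticator(code, ident, request_auth, raw, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(raw)) + resp_auth + raw


def verify_response(packet, request_auth, secret):
    """Receiver-side checks: (response_authenticator_ok, message_authenticator_ok)."""
    if len(packet) < HEADER_LEN:
        return (False, False)
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return (False, False)
    resp_auth, attrs = packet[4:HEADER_LEN], packet[HEADER_LEN:]
    try:
        parse_attrs(attrs)
    except ValueError:
        return (False, False)
    ra_ok = hmac.compare_digest(resp_auth, response_authenticator(code, ident, request_auth, attrs, secret))
    off = _message_authenticator_offset(attrs)
    if off is None:
        return (ra_ok, False)
    expected = message_authenticator(code, ident, request_auth, attrs, secret)
    return (ra_ok, hmac.compare_digest(attrs[off:off + 16], expected))


def accept_response(packet, request_auth, secret):
    """Hardened policy: a response is authentic only if its Message-Authenticator verifies."""
    ra_ok, ma_ok = verify_response(packet, request_auth, secret)
    return ra_ok and ma_ok


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"   # constructed sample; real secrets are high-entropy
    REQUEST_AUTH = bytes(range(16))         # constructed; normally random, from the Access-Request
    good = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, [(REPLY_MESSAGE, b"Welcome")], SECRET)
    print("well-formed Access-Accept:", verify_response(good, REQUEST_AUTH, SECRET))
    modified = bytes([ACCESS_REJECT]) + good[1:]  # in-path change of the code byte only
    print("code byte modified:", verify_response(modified, REQUEST_AUTH, SECRET))
    legacy = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, [(REPLY_MESSAGE, b"Welcome")], SECRET, False)
    print("no Message-Authenticator:", accept_response(legacy, REQUEST_AUTH, SECRET))
```

The design point is where the secret enters the hash. In the Response Authenticator the secret is a suffix of an MD5 input whose prefix is fully known, so an MD5 collision on that prefix survives the appended secret; in the Message-Authenticator the secret is the HMAC key, so a receiver that requires the attribute on every response (and rejects responses that lack it, as `accept_response` does for the legacy packet) no longer depends on MD5 collision resistance for response integrity.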

CWE(s)

CWE-354: Improper Validation of Integrity Check Value
Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor     | Product                 | Versions
freeradius | freeradius              | ≤ 3.0.27
broadcom   | brocade sannav          | all versions
broadcom   | fabric operating system | all versions
sonicwall  | sonicos                 | all versions

Mitigating Controls

Likely Mitigating Controls (AI-generated mapping)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-354: Proper validation of integrity check values is required for reliable tamper detection, directly reducing the risk of undetected modification.
- Addresses CWE-354: Requires validation of integrity check values on every resolution response, directly mitigating tampered or corrupted DNS data.
- Addresses CWE-354: Control mandates proper validation of integrity values (checksums) on prepared data, so that flawed validation of those checks cannot be relied on by attackers.
- Addresses CWE-924: The control directly mandates integrity protection for transmitted information, addressing failures to enforce message integrity in transit.
- Addresses CWE-354: Requires use of proper integrity verification tools, reducing the chance that an incorrect check value is accepted.
- Addresses CWE-354: Requires proper validation of integrity mechanisms, directly mitigating flawed check-value handling.

References