CVE-2024-3596 is classified as a critical vulnerability with a CVSS score of 9.0, affecting various Broadcom, FreeRADIUS, and SonicWall products. The vulnerability allows an attacker positioned between a RADIUS client and server (the CVE text calls this a "local attacker") to forge responses in the RADIUS protocol as specified in RFC 2865. Specifically, the attacker can turn any valid response, such as Access-Accept, Access-Reject, or Access-Challenge, into any other response by mounting a chosen-prefix collision attack against the MD5 Response Authenticator. That field is not a signature: it is the MD5 hash of the response header, the Request Authenticator and the attributes, with the shared secret appended at the end, and MD5's collision weaknesses let the attacker produce a forged packet with the same hash without ever learning the secret. The attack applies to RADIUS over UDP when the Message-Authenticator attribute (RFC 2869) is absent or not enforced; exchanges that carry and verify Message-Authenticator, such as EAP, are not affected.
The implications of this vulnerability are severe: an Access-Reject turned into an Access-Accept grants network or administrative access to a user who failed authentication, and any system that relies on RADIUS over UDP for that decision is exposed. Organizations should prioritize the vendor patches, which make RADIUS clients and servers send and require Message-Authenticator in every packet (in FreeRADIUS 3.2.5 this is the require_message_authenticator client setting), and should move RADIUS traffic to RADIUS over TLS or DTLS where supported so that the MD5 construction is no longer the only integrity check.
The exploitation status is confirmed, with known exploits available. Practical exploitation requires the attacker to intercept and modify traffic between client and server and to compute the MD5 collision within the client's response timeout; the published attack does this in minutes on dedicated hardware. Organizations are advised to take immediate action to protect their systems against attacks leveraging this vulnerability.
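The following Python example, added here as an illustration and not code from the advisory or from any affected vendor, implements the two integrity checks a RADIUS client can apply to a response: the RFC 2865 Response Authenticator (unkeyed MD5 with the secret appended, which CVE-2024-3596 defeats) and the RFC 2869 Message-Authenticator (HMAC-MD5 keyed with the secret over the whole packet, which the patches require). It does not compute an MD5 collision; instead it simulates the outcome of a successful one by computing a valid Response Authenticator for an Access-Accept that the attacker did not legitimately obtain, and shows that a client requiring Message-Authenticator still rejects it. The shared secret, identifier and Proxy-State value are constructed test data; the attribute codes and hash constructions are the real RADIUS ones.

```python
"""RFC 2865 Response Authenticator vs. RFC 2869 Message-Authenticator checks
for a RADIUS client. Added illustration for CVE-2024-3596; the secret and
packet contents below are constructed test data."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_PROXY_STATE, ATTR_MESSAGE_AUTHENTICATOR = 33, 80


def encode_attrs(attrs):
    """Encode [(type, value)] as RFC 2865 attributes: 1-byte type, 1-byte length."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs = []
    while data:
        t, length = struct.unpack("!BB", data[:2])
        if length < 2 or length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[2:length]))
        data = data[length:]
    return attrs


def build_response(code, ident, request_auth, attrs, secret, with_message_authenticator):
    """Server side. Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attrs|Secret).
    The secret is only a suffix of an unkeyed MD5, which is what the collision exploits."""
    if with_message_authenticator:
        # HMAC-MD5(secret) over the packet with the Request Authenticator in the
        # authenticator field and the Message-Authenticator value zeroed (RFC 2869 5.14).
        attrs = [(ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16)] + list(attrs)
        hdr = struct.pack("!BBH", code, ident, 20 + len(encode_attrs(attrs)))
        mac = hmac.new(secret, hdr + request_auth + encode_attrs(attrs), hashlib.md5).digest()
        attrs[0] = (ATTR_MESSAGE_AUTHENTICATOR, mac)
    body = encode_attrs(attrs)
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    resp_auth = hashlib.md5(hdr + request_auth + body + secret).digest()
    return hdr + resp_auth + body


def verify_response(packet, request_auth, secret, require_message_authenticator):
    """Client side. Returns (accepted, reason). With require_message_authenticator=False
    a response carrying no Message-Authenticator is accepted on the MD5 check alone,
    which is the vulnerable configuration."""
    if len(packet) < 20:
        return False, "short packet"
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False, "length mismatch"
    resp_auth, body = packet[4:20], packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(resp_auth, expected):
        return False, "bad Response Authenticator"
    attrs = decode_attrs(body)
    macs = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not macs:
        if require_message_authenticator:
            return False, "Message-Authenticator missing"
        return True, "Response Authenticator only (forgeable via MD5 collision)"
    if len(macs) != 1 or len(macs[0]) != 16:
        return False, "malformed Message-Authenticator"
    zeroed = encode_attrs([(t, b"\x00" * 16 if t == ATTR_MESSAGE_AUTHENTICATOR else v)
                           for t, v in attrs])
    mac = hmac.new(secret, packet[:4] + request_auth + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(mac, macs[0]):
        return False, "bad Message-Authenticator"
    return True, "Message-Authenticator verified"


def simulate_forgery(response, request_auth, secret):
    """Stand-in for a successful collision: rewrite the code to Access-Accept and give the
    packet a Response Authenticator the client accepts. Here it is computed with the secret;
    the real attacker gets the same effect by choosing Proxy-State bytes that make the MD5
    hashes of the Reject and the forged Accept collide, without knowing the secret."""
    body = response[20:]
    hdr = struct.pack("!BBH", ACCESS_ACCEPT, response[1], len(response))
    return hdr + hashlib.md5(hdr + request_auth + body + secret).digest() + body


def demo():
    secret = b"constructed-shared-secret"          # constructed test value
    request_auth = os.urandom(16)                   # Request Authenticator picked by the client
    ident = 7
    # Proxy-State is echoed back unmodified by the server: the attacker's collision blocks live here.
    attrs = [(ATTR_PROXY_STATE, b"constructed-opaque-state")]
    legacy = build_response(ACCESS_REJECT, ident, request_auth, attrs, secret, False)
    hardened = build_response(ACCESS_REJECT, ident, request_auth, attrs, secret, True)
    return {
        "legacy_reject_weak_client": verify_response(legacy, request_auth, secret, False)[0],
        "legacy_reject_strict_client": verify_response(legacy, request_auth, secret, True)[0],
        "hardened_reject_strict_client": verify_response(hardened, request_auth, secret, True)[0],
        "naive_code_flip_weak_client": verify_response(bytes([ACCESS_ACCEPT]) + legacy[1:],
                                                       request_auth, secret, False)[0],
        "collision_no_ma_weak_client": verify_response(simulate_forgery(legacy, request_auth, secret),
                                                       request_auth, secret, False)[0],
        "collision_no_ma_strict_client": verify_response(simulate_forgery(legacy, request_auth, secret),
                                                         request_auth, secret, True)[0],
        "collision_with_ma_strict_client": verify_response(simulate_forgery(hardened, request_auth, secret),
                                                           request_auth, secret, True)[0],
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'ACCEPTED' if accepted else 'rejected'}")
```

The only case the weak client accepts that it should not is the simulated collision on a response without Message-Authenticator; the same forged packet is refused by a client that requires the attribute, and a forged packet that carries the server's original Message-Authenticator fails the HMAC because the code byte changed. This is why the fix is to send and require Message-Authenticator on both sides rather than to harden the MD5 check.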
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.