Show plain JSON{"affected_release": [{"advisory": "RHSA-2024:4911", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "freeradius-0:3.0.20-1.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-07-30T00:00:00Z"}, {"advisory": "RHSA-2024:8788", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "krb5-0:1.15.1-55.el7_9.3", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4936", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "freeradius:3.0-8100020230904084920.69ef70f8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:8860", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "krb5-0:1.18.2-30.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:4913", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "freeradius:3.0-8020020240726095340.ce27ea5e", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-07-30T00:00:00Z"}, {"advisory": "RHSA-2024:8789", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "krb5-0:1.17-19.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4874", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "freeradius:3.0-8040020240719063921.9ab73fbf", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:8791", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "krb5-0:1.18.2-9.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4874", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "freeradius:3.0-8040020240719063921.9ab73fbf", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:8791", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "krb5-0:1.18.2-9.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4874", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "freeradius:3.0-8040020240719063921.9ab73fbf", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:8791", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "krb5-0:1.18.2-9.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4826", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "freeradius:3.0-8060020240719034751.830b6f11", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:8794", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "krb5-0:1.18.2-16.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4826", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "freeradius:3.0-8060020240719034751.830b6f11", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:8794", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "krb5-0:1.18.2-16.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4826", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "freeradius:3.0-8060020240719034751.830b6f11", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:8794", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "krb5-0:1.18.2-16.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4829", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "freeradius:3.0-8080020240719112231.b012cf7d", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:8792", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "krb5-0:1.18.2-26.el8_8.3", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-11-04T00:00:00Z"}, {"advisory": "RHSA-2024:4935", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "freeradius-0:3.0.21-40.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:9474", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "krb5-0:1.21.1-4.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9474", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "krb5-0:1.21.1-4.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:4912", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "freeradius-0:3.0.21-26.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-07-30T00:00:00Z"}, {"advisory": "RHSA-2024:8577", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "krb5-0:1.19.1-16.el9_0.2", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-10-29T00:00:00Z"}, {"advisory": "RHSA-2024:4828", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "freeradius-0:3.0.21-38.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:8461", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "krb5-0:1.20.1-9.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-24T00:00:00Z"}, {"advisory": "RHSA-2024:9547", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "krb5-0:1.21.1-2.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:10852", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8:sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2024-12-05T00:00:00Z"}], "bugzilla": {"description": "freeradius: forgery attack", "id": "2263240", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263240"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-294->CWE-836->CWE-924", "details": ["RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process."], "mitigation": {"lang": "en:us", "value": "Disable the use of RADIUS/UDP and RADIUS/TCP.\nRADIUS/TLS or RADIUS/DTLS should be used."}, "name": "CVE-2024-3596", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2024-07-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3596\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3596\nhttps://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/\nhttps://datatracker.ietf.org/doc/html/rfc2865\nhttps://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf\nhttps://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt\nhttps://www.blastradius.fail/\nhttps://www.kb.cert.org/vuls/id/456537"], "statement": "This vulnerability is of Important severity due to its ability to undermine the fundamental security mechanisms of RADIUS-based authentication systems. By exploiting the weak MD5 integrity check, an attacker can forge RADIUS responses, effectively bypassing authentication controls and gaining unauthorized access to network resources. This poses a significant threat to environments relying on RADIUS for user and device authentication, particularly those lacking enforced Message-Authenticator attributes or TLS/DTLS encryption.\nThere are several preconditions for this attack to be possible:\n* An attacker needs man-in-the-middle network access between the RADIUS client and server\n* The client and server must be using RADIUS/UDP to communicate\n* The attacker needs to be able to trigger a RADIUS client Access-Request ( for example the client is using PAP authentication)\nDue to these attack surface limitations, the impact is rated Important.\nWithin Red Hat offerings, this impacts the FreeRADIUS package. This flaw allows a local, unauthenticated attacker to conduct a man-in-the-middle attack to log in as a third party without knowing their credentials. Servers using Extensible Authentication Protocol (EAP) with required Message-Authenticator attributes or those employing TLS/DTLS encryption are not affected.", "threat_severity": "Important"}