CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-3596

CVSS 9.0v3.1pub. 2024-07-09upd. 2026-05-12

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Broadcom Brocade Sannav

    APP
    Broadcom
    wszystkie wersje
  • Broadcom Fabric Operating System

    OS
    Broadcom
    wszystkie wersje
  • Freeradius

    APP
    Freeradius
    < 3.0.27
  • Sonicwall Sonicos

    OS
    Sonicwall
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-53704CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SonicWall SonicOS SSLVPN — pominięcie uwierzytelnienia (Auth Bypass)

CVE-2024-40766CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w SonicWall SonicOS — RCE i crash firewalla

CVE-2020-5135CRITICAL9.8⚠ KEVten sam produkt

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and poten...

CVE-2025-40600CRITICAL9.8PL ✓ten sam produkt

SonicOS SSL VPN: format string umożliwia zakłócenie usługi bez uwierzytelnienia

CVE-2024-22394CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w SonicWall SonicOS SSL-VPN (auth bypass)