Blast-RADIUS CHAP and PAP Authentication Vulnerability CVE-2024-3596
Advisory ID
WGSA-2024-00013
CVE
CVE-2024-3596
Impact
High
Status
Acknowledged
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
7.5
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Updated 2024-09-11: Added initial impact analysis
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
This vulnerability allows an attacker performing a man-in-the-middle attack between a vulnerable system and a RADIUS server to bypass authentication and escalate privileges when RADIUS authentication is used with either CHAP or PAP authentication.
Affected
| Product | Status |
|---|---|
| Fireware OS | Affected* |
| Dimension | Affected |
| WatchGuard System Manager Management Server | Affected |
| Wireless APs | Not Affected* |
| *WPA Enterprise authentication in Fireware OS and WatchGuard Wireless APs and do not use PAP or CHAP-based authentication and are not affected |
References
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
Firebox
|
Fireware OS 12.5.x | T15, T35 |