Blast-RADIUS CHAP and PAP Authentication Vulnerability CVE-2024-3596
Advisory ID
WGSA-2024-00013
CVE
CVE-2024-3596
Impact
High
Status
Acknowledged
Product Family
Firebox,
WatchGuard Cloud,
Other Software,
Secure Wi-Fi
Published Date
Updated Date
Workaround Available
True
CVSS Score
7.5
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Updated 2024-09-11: Added initial impact analysis
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
This vulnerability allows an attacker performing a man-in-the-middle attack between a vulnerable system and a RADIUS server to bypass authentication and escalate privileges when RADIUS authentication is used with either CHAP or PAP authentication.
Affected
| Product | Status |
|---|---|
| Fireware OS | Affected* |
| Dimension | Affected |
| WatchGuard System Manager Management Server | Affected |
| Wireless APs | Not Affected* |
| *WPA Enterprise authentication in Fireware OS and WatchGuard Wireless APs and do not use PAP or CHAP-based authentication and are not affected |
References
Advisory Product List
Product Family
Product Branch
Product List
Firebox
XTM 8 Series (2nd Gen)
XTM850,
XTM860,
XTM870,
XTM870-F
Firebox
XTM 1500 and 2520
XTM1520-RP,
XTM1525-RP,
XTM2520
Firebox
Firebox T (1st Gen)
T10,
T10-W,
T10-D,
T30,
T30-W,
T50,
T50-W
Firebox
Firebox T (2nd Gen)
T15,
T15-W,
T35,
T35-W,
T35-R,
T55,
T55-W,
T70
Firebox
Firebox M (1st Gen)
M200,
M300,
M400,
M440,
M500
Firebox
Firebox M (2nd Gen)
M270,
M370,
M470,
M570,
M670
Firebox
Firebox T (3rd Gen)
T20,
T20-W,
T40,
T40-W,
T80
Firebox
XTMv
Small,
Medium,
Large,
Datacenter
Firebox
FireboxV
Small,
Medium,
Large,
XLarge
Firebox
Firebox M (3rd Gen)
M290,
M390,
M590,
M690,
M4800,
M5800
Firebox
Firebox T (4th Gen)
NV5,
T25,
T45,
T85
Firebox
FireboxCloud
Small,
Medium,
Large,
XLarge
WatchGuard Cloud
WatchGuard Cloud
WatchGuard Cloud
Other Software
AuthPoint (Windows)
AuthPoint (Windows)
Other Software
AuthPoint (macOS)
AuthPoint (macOS)
Other Software
AuthPoint (Android)
AuthPoint (Android)
Other Software
AuthPoint (iOS)
AuthPoint (iOS)
Secure Wi-Fi
Wi-Fi 6
AP130,
AP330,
AP430CR,
AP432
Secure Wi-Fi
Wi-Fi 4 & 5
AP322,
AP420,
AP125,
AP225W,
AP325,
AP327X