cisco-sa-radius-spoofing-july-2024-87ccdwz3
Vulnerability from csaf_cisco
Published
2024-07-10 16:00
Modified
2024-09-03 14:10
Summary
RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024

Notes

Summary
On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol: CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. This vulnerability may impact any RADIUS client and server. For a description of this vulnerability, see VU#456537: RADIUS protocol susceptible to forgery attacks ["https://www.kb.cert.org/vuls/id/456537"].
Affected Products
Cisco investigated its product line to determine which products and cloud services may be affected by this vulnerability. The Vulnerable Products section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.
Vulnerable Products
The following table lists Cisco products that are affected by the vulnerability that is described in this advisory. Customers should refer to the associated Cisco bug(s) for further details. Product Cisco Bug ID Endpoint Clients and Client Software Duo Authentication Proxy CSCwk87884 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk87884"] Network and Content Security Devices Adaptive Security Appliance (ASA) CSCwk71992 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71992"] Firepower Device Manager (FDM) CSCwk69454 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk69454"] Firepower Management Center (FMC) Software CSCwk71817 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71817"] Firepower Threat Defense (FTD) Software CSCwk67902 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67902"] Meraki MX Series Notes ["https://documentation.meraki.com/General_Administration/Privacy_and_Security/RADIUS_Protocol_Spoofing_Vulnerability_(Blast-RADIUS)%3A_July_2024"] Identity Services Engine (ISE) CSCwk67747 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67747"] Secure Email Gateway CSCwk70832 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70832"] Secure Email and Web Manager CSCwk70833 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70833"] Secure Firewall CSCwk67859 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67859"] Secure Network Analytics CSCwk73619 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk73619"] Secure Web Appliance CSCwk70834 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70834"] Network Management and Provisioning Application Policy Infrastructure Controller (APIC) CSCwk70836 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70836"] Crosswork Network Controller CSCwk70850 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70850"] Nexus Dashboard, formerly Application Services Engine CSCwk70840 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70840"] Prime Infrastructure CSCwk79727 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79727"] Routing and Switching - Enterprise and Service Provider ASR 5000 Series Routers CSCwk70831 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831"] Catalyst Center CSCwk70845 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70845"] Catalyst SD-WAN Controller, formerly SD-WAN vSmart CSCwk70854 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854"] Catalyst SD-WAN Manager, formerly SD-WAN vManage CSCwk70854 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854"] Catalyst SD-WAN Validator, formerly SD-WAN vBond CSCwk70854 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854"] GGSN Gateway GPRS Support Node CSCwk70831 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831"] IOS Software CSCwk78278 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk78278"] IOS XE Software CSCwk70852 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70852"] IOS XR Software CSCwk70236 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70236"] IOx Fog Director CSCwk70851 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70851"] MDS 9000 Series Multilayer Switches CSCwk70837 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70837"] Network Convergence System (NCS) 2000 Series CSCwm33240 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm33240"] Nexus 1000V Series Switches CSCwk79691 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79691"] Nexus 3000 Series Switches CSCwk70839 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70839"] Nexus 5500 Platform Switches CSCwk79692 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79692"] Nexus 5600 Platform Switches CSCwk79692 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79692"] Nexus 6000 Series Switches CSCwk79692 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79692"] Nexus 7000 Series Switches CSCwk70838 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70838"] Nexus 9000 Series Fabric Switches in ACI Mode CSCwk83051 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk83051"] Nexus 9000 Series Switches in standalone NX-OS mode CSCwk70839 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70839"] PGW Packet Data Network Gateway CSCwk70831 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831"] SD-WAN vEdge Routers CSCwk70854 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854"] System Architecture Evolution (SAE) Gateway CSCwk70831 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831"] Ultra Packet Core CSCwk70831 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831"] Unified Computing Enterprise NFV Infrastructure Software (NFVIS) CSCwk79647 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79647"] UCS Central Software CSCwk71967 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71967"] UCS Manager CSCwk70842 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70842"] WirelessUnified Computing AireOS Wireless LAN Controllers CSCwk70846 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70846"]
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: Network Application, Service, and Acceleration Nexus Dashboard Insights (On Prem) Secure Workload Network and Content Security Devices Firepower 4100/9300 FXOS Firepower Chassis Manager Secure Malware Analytics Appliance Umbrella Active Directory (AD) Connector Network Management and Provisioning Cisco Evolved Programmable Network Manager (EPNM) DNA Spaces Connector Policy Suite ThousandEyes Enterprise Agent Routing and Switching - Enterprise and Service Provider Ultra Cloud Core - Policy Control Function Unified Computing UCS B-Series Blade Servers Wireless 6300 Series Embedded Services Access Points Aironet 1540 Series Aironet 1560 Series Aironet 1810 Series OfficeExtend Access Points Aironet 1810w Series Access Points Aironet 1815 Series Access Points Aironet 1830 Series Access Points Aironet 1850 Series Access Points Aironet 2800 Series Access Points Aironet 3800 Series Access Points Aironet 4800 Access Points Aironet 802.11ac Wave2 Access Points Catalyst 9100 Series Access Points Catalyst IW6300 Heavy Duty Series Access Points Catalyst IW9165 Heavy Duty Series Catalyst IW9165 Rugged Series Catalyst IW9167 Heavy Duty Series
Workarounds
There are no workarounds that address this vulnerability. RADIUS clients and servers configured to use DTLS or TLS over TCP are not exploitable, even if the underlying implementation is otherwise vulnerable, as long as the traffic is not sent in plaintext. Customers should determine the applicability and effectiveness of this mitigation in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
Fixed Software
For information about fixed software releases ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], consult the Cisco bugs identified in the Vulnerable Products ["#vp"] section of this advisory. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories ["https://www.cisco.com/go/psirt"] page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory. The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.
Source
This vulnerability was publicly disclosed by Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl on July 9, 2024.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.



{
  "document": {
    "acknowledgments": [
      {
        "summary": "This vulnerability was publicly disclosed by Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl on July 9, 2024."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol:\r\n\r\nCVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.\r\nThis vulnerability may impact any RADIUS client and server. For a description of this vulnerability, see VU#456537: RADIUS protocol susceptible to forgery attacks [\"https://www.kb.cert.org/vuls/id/456537\"].\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Cisco investigated its product line to determine which products and cloud services may be affected by this vulnerability.\r\n\r\nThe Vulnerable Products section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "The following table lists Cisco products that are affected by the vulnerability that is described in this advisory. Customers should refer to the associated Cisco bug(s) for further details.\r\n        Product  Cisco Bug ID      Endpoint Clients and Client Software      Duo Authentication Proxy  CSCwk87884 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk87884\"]      Network and Content Security Devices      Adaptive Security Appliance (ASA)  CSCwk71992 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71992\"]      Firepower Device Manager (FDM)  CSCwk69454 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk69454\"]      Firepower Management Center (FMC) Software  CSCwk71817 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71817\"]      Firepower Threat Defense (FTD) Software  CSCwk67902 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67902\"]      Meraki MX Series  Notes [\"https://documentation.meraki.com/General_Administration/Privacy_and_Security/RADIUS_Protocol_Spoofing_Vulnerability_(Blast-RADIUS)%3A_July_2024\"]      Identity Services Engine (ISE)  CSCwk67747 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67747\"]      Secure Email Gateway  CSCwk70832 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70832\"]      Secure Email and Web Manager  CSCwk70833 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70833\"]      Secure Firewall  CSCwk67859 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67859\"]      Secure Network Analytics  CSCwk73619 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk73619\"]      Secure Web Appliance  CSCwk70834 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70834\"]      Network Management and Provisioning      Application Policy Infrastructure Controller (APIC)  CSCwk70836 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70836\"]      Crosswork Network Controller  CSCwk70850 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70850\"]      Nexus Dashboard, formerly Application Services Engine             CSCwk70840 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70840\"]      Prime Infrastructure  CSCwk79727 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79727\"]      Routing and Switching - Enterprise and Service Provider      ASR 5000 Series Routers  CSCwk70831 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831\"]      Catalyst Center  CSCwk70845 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70845\"]      Catalyst SD-WAN Controller, formerly SD-WAN vSmart  CSCwk70854 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854\"]      Catalyst SD-WAN Manager, formerly SD-WAN vManage  CSCwk70854 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854\"]      Catalyst SD-WAN Validator, formerly SD-WAN vBond  CSCwk70854 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854\"]      GGSN Gateway GPRS Support Node  CSCwk70831 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831\"]      IOS Software  CSCwk78278 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk78278\"]      IOS XE Software  CSCwk70852 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70852\"]      IOS XR Software  CSCwk70236 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70236\"]      IOx Fog Director  CSCwk70851 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70851\"]      MDS 9000 Series Multilayer Switches  CSCwk70837 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70837\"]      Network Convergence System (NCS) 2000 Series  CSCwm33240 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm33240\"]      Nexus 1000V Series Switches  CSCwk79691 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79691\"]      Nexus 3000 Series Switches  CSCwk70839 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70839\"]      Nexus 5500 Platform Switches  CSCwk79692 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79692\"]      Nexus 5600 Platform Switches  CSCwk79692 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79692\"]      Nexus 6000 Series Switches  CSCwk79692 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79692\"]      Nexus 7000 Series Switches  CSCwk70838 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70838\"]      Nexus 9000 Series Fabric Switches in ACI Mode  CSCwk83051 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk83051\"]      Nexus 9000 Series Switches in standalone NX-OS mode  CSCwk70839 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70839\"]      PGW Packet Data Network Gateway  CSCwk70831 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831\"]      SD-WAN vEdge Routers  CSCwk70854 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854\"]      System Architecture Evolution (SAE) Gateway  CSCwk70831 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831\"]      Ultra Packet Core  CSCwk70831 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831\"]      Unified Computing      Enterprise NFV Infrastructure Software (NFVIS)  CSCwk79647 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79647\"]      UCS Central Software  CSCwk71967 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71967\"]      UCS Manager  CSCwk70842 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70842\"]      WirelessUnified Computing      AireOS Wireless LAN Controllers  CSCwk70846 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70846\"]",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nNetwork Application, Service, and Acceleration\r\n\r\nNexus Dashboard Insights (On Prem)\r\nSecure Workload\r\n\r\nNetwork and Content Security Devices\r\n\r\nFirepower 4100/9300 FXOS Firepower Chassis Manager\r\nSecure Malware Analytics Appliance\r\nUmbrella Active Directory (AD) Connector\r\n\r\nNetwork Management and Provisioning\r\n\r\nCisco Evolved Programmable Network Manager (EPNM)\r\nDNA Spaces Connector\r\nPolicy Suite\r\nThousandEyes Enterprise Agent\r\n\r\nRouting and Switching - Enterprise and Service Provider\r\n\r\nUltra Cloud Core - Policy Control Function\r\n\r\nUnified Computing\r\n\r\nUCS B-Series Blade Servers\r\n\r\nWireless\r\n\r\n6300 Series Embedded Services Access Points\r\nAironet 1540 Series\r\nAironet 1560 Series\r\nAironet 1810 Series OfficeExtend Access Points\r\nAironet 1810w Series Access Points\r\nAironet 1815 Series Access Points\r\nAironet 1830 Series Access Points\r\nAironet 1850 Series Access Points\r\nAironet 2800 Series Access Points\r\nAironet 3800 Series Access Points\r\nAironet 4800 Access Points\r\nAironet 802.11ac Wave2 Access Points\r\nCatalyst 9100 Series Access Points\r\nCatalyst IW6300 Heavy Duty Series Access Points\r\nCatalyst IW9165 Heavy Duty Series\r\nCatalyst IW9165 Rugged Series\r\nCatalyst IW9167 Heavy Duty Series",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.\r\n\r\nRADIUS clients and servers configured to use DTLS or TLS over TCP are not exploitable, even if the underlying implementation is otherwise vulnerable, as long as the traffic is not sent in plaintext.\r\n\r\nCustomers should determine the applicability and effectiveness of this mitigation in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "For information about fixed software releases [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories [\"https://www.cisco.com/go/psirt\"] page, to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "This vulnerability was publicly disclosed by Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl on July 9, 2024.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofing-july-2024-87cCDwZ3"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "VU#456537: RADIUS protocol susceptible to forgery attacks",
        "url": "https://www.kb.cert.org/vuls/id/456537"
      },
      {
        "category": "external",
        "summary": "CSCwk87884",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk87884"
      },
      {
        "category": "external",
        "summary": "CSCwk71992",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71992"
      },
      {
        "category": "external",
        "summary": "CSCwk69454",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk69454"
      },
      {
        "category": "external",
        "summary": "CSCwk71817",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71817"
      },
      {
        "category": "external",
        "summary": "CSCwk67902",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67902"
      },
      {
        "category": "external",
        "summary": "Notes",
        "url": "https://documentation.meraki.com/General_Administration/Privacy_and_Security/RADIUS_Protocol_Spoofing_Vulnerability_(Blast-RADIUS)%3A_July_2024"
      },
      {
        "category": "external",
        "summary": "CSCwk67747",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67747"
      },
      {
        "category": "external",
        "summary": "CSCwk70832",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70832"
      },
      {
        "category": "external",
        "summary": "CSCwk70833",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70833"
      },
      {
        "category": "external",
        "summary": "CSCwk67859",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk67859"
      },
      {
        "category": "external",
        "summary": "CSCwk73619",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk73619"
      },
      {
        "category": "external",
        "summary": "CSCwk70834",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70834"
      },
      {
        "category": "external",
        "summary": "CSCwk70836",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70836"
      },
      {
        "category": "external",
        "summary": "CSCwk70850",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70850"
      },
      {
        "category": "external",
        "summary": "CSCwk70840",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70840"
      },
      {
        "category": "external",
        "summary": "CSCwk79727",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79727"
      },
      {
        "category": "external",
        "summary": "CSCwk70831",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70831"
      },
      {
        "category": "external",
        "summary": "CSCwk70845",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70845"
      },
      {
        "category": "external",
        "summary": "CSCwk70854",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70854"
      },
      {
        "category": "external",
        "summary": "CSCwk78278",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk78278"
      },
      {
        "category": "external",
        "summary": "CSCwk70852",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70852"
      },
      {
        "category": "external",
        "summary": "CSCwk70236",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70236"
      },
      {
        "category": "external",
        "summary": "CSCwk70851",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70851"
      },
      {
        "category": "external",
        "summary": "CSCwk70837",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70837"
      },
      {
        "category": "external",
        "summary": "CSCwm33240",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm33240"
      },
      {
        "category": "external",
        "summary": "CSCwk79691",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79691"
      },
      {
        "category": "external",
        "summary": "CSCwk70839",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70839"
      },
      {
        "category": "external",
        "summary": "CSCwk79692",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79692"
      },
      {
        "category": "external",
        "summary": "CSCwk70838",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70838"
      },
      {
        "category": "external",
        "summary": "CSCwk83051",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk83051"
      },
      {
        "category": "external",
        "summary": "CSCwk79647",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk79647"
      },
      {
        "category": "external",
        "summary": "CSCwk71967",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk71967"
      },
      {
        "category": "external",
        "summary": "CSCwk70842",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70842"
      },
      {
        "category": "external",
        "summary": "CSCwk70846",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk70846"
      },
      {
        "category": "external",
        "summary": "fixed software releases",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      }
    ],
    "title": "RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024",
    "tracking": {
      "current_release_date": "2024-09-03T14:10:25+00:00",
      "generator": {
        "date": "2024-09-03T14:10:28+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-radius-spoofing-july-2024-87cCDwZ3",
      "initial_release_date": "2024-07-10T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2024-07-10T21:54:27+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2024-07-11T21:24:06+00:00",
          "number": "1.1.0",
          "summary": "Updated the list of products currently under investigation."
        },
        {
          "date": "2024-07-16T21:57:30+00:00",
          "number": "1.2.0",
          "summary": "Updated lists of products currently under investigation, products determined to be affected, and products determined to be not vulnerable."
        },
        {
          "date": "2024-07-17T21:37:05+00:00",
          "number": "1.3.0",
          "summary": "Updated lists of products currently under investigation, products determined to be affected, and products determined to be not vulnerable."
        },
        {
          "date": "2024-07-19T20:54:21+00:00",
          "number": "1.4.0",
          "summary": "Updated lists of products currently under investigation, products determined to be affected, and products determined to be not vulnerable."
        },
        {
          "date": "2024-07-24T19:33:11+00:00",
          "number": "1.5.0",
          "summary": "Updated lists of products currently under investigation, products determined to be affected, and products determined to be not vulnerable."
        },
        {
          "date": "2024-07-29T20:06:24+00:00",
          "number": "1.6.0",
          "summary": "Updated lists of products currently under investigation and products determined to be affected."
        },
        {
          "date": "2024-08-02T18:48:25+00:00",
          "number": "1.7.0",
          "summary": "Updated summary, lists of products currently under investigation, and products determined to be affected."
        },
        {
          "date": "2024-08-09T19:53:46+00:00",
          "number": "1.8.0",
          "summary": "Updated lists of products considered vulnerable and products considered not vulnerable."
        },
        {
          "date": "2024-08-19T17:00:13+00:00",
          "number": "1.9.0",
          "summary": "Updated the list of products confirmed not vulnerable."
        },
        {
          "date": "2024-09-03T14:10:25+00:00",
          "number": "1.10.0",
          "summary": "Added Network Convergence System 2000 Series to the list of vulnerable products."
        }
      ],
      "status": "final",
      "version": "1.10.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Adaptive Security Appliance (ASA) Software",
            "product": {
              "name": "Cisco Adaptive Security Appliance (ASA) Software ",
              "product_id": "CSAFPID-6588"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3596",
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-6588"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-6588"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-6588"
          ]
        }
      ],
      "title": "RADIUS Vulnerability Affecting Cisco Products: July 2024"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.