Saturday, January 18, 2025
HomeCVE/vulnerabilityCisco Patches the Products Impacted by RADIUS Protocol Vulnerability

Cisco Patches the Products Impacted by RADIUS Protocol Vulnerability

Published on

SIEM as a Service

Follow Us on Google News

Cisco has issued patches for multiple products affected by a critical vulnerability in the RADIUS protocol. The vulnerability, identified as CVE-2024-3596, was disclosed by security researchers on July 7, 2024.

This flaw allows an on-path attacker to forge responses using a chosen prefix collision attack against the MD5 Response Authenticator signature. Cisco has been actively investigating its product line to identify and address the affected products.

CVE-2024-3596 – Summary of the Vulnerability

The vulnerability in the RADIUS protocol, as described under RFC 2865, makes it susceptible to forgery attacks by an on-path attacker.

The attacker can modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) to another response using a chosen prefix collision attack against the MD5 Response Authenticator signature. This vulnerability impacts any RADIUS client and server.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Affected Products

Cisco has identified several products affected by this vulnerability and is working to release patches. The affected products include:

  • Network and Content Security Devices:
    • Adaptive Security Appliance (ASA)
    • Firepower Device Manager (FDM)
    • Firepower Management Center (FMC) Software
    • Firepower Threat Defense (FTD) Software
    • Identity Services Engine (ISE)
    • Secure Email Gateway
    • Secure Email and Web Manager
    • Secure Firewall
    • Secure Network Analytics
    • Secure Web Appliance
  • Network Management and Provisioning:
    • Application Policy Infrastructure Controller (APIC)
    • Crosswork Change Automation
    • Nexus Dashboard (formerly Application Services Engine)
  • Routing and Switching – Enterprise and Service Provider:
    • ASR 5000 Series Routers
    • Catalyst SD-WAN Controller (formerly SD-WAN vSmart)
    • Catalyst SD-WAN Manager (formerly SD-WAN vManage)
    • Catalyst SD-WAN Validator (formerly SD-WAN vBond)
    • GGSN Gateway GPRS Support Node
    • IOS XE Software
    • IOS XR
    • IOx Fog Director
    • MDS 9000 Series Multilayer Switches
    • Nexus 3000 Series Switches
    • Nexus 7000 Series Switches
    • Nexus 9000 Series Switches (standalone NX-OS mode)
    • PGW Packet Data Network Gateway
    • SD-WAN vEdge Routers
    • System Architecture Evolution (SAE) Gateway
    • Ultra Packet Core
  • Unified Computing:
    • UCS Central Software
    • UCS Manager

Products Confirmed Not Vulnerable

Cisco has confirmed that the following products are not affected by this vulnerability:

  • Network Application, Service, and Acceleration:
    • Nexus Dashboard Insights (On Prem)
    • Secure Workload
  • Network and Content Security Devices:
    • Firepower 4100/9300 FXOS Firepower Chassis Manager
    • Secure Malware Analytics Appliance
    • Umbrella Active Directory (AD) Connector
  • Network Management and Provisioning:
    • Cisco Evolved Programmable Network Manager (EPNM)
    • DNA Spaces Connector
    • Policy Suite
  • Routing and Switching – Enterprise and Service Provider:
    • Ultra Cloud Core – Policy Control Function
  • Unified Computing:
    • UCS B-Series Blade Servers
  • Wireless:
    • Various Aironet and Catalyst Series Access Points

Currently, there are no workarounds for this vulnerability. However, RADIUS clients and servers configured to use DTLS or TLS over TCP are not exploitable, provided the traffic is not sent in plaintext.

Cisco advises customers to consult the Cisco bugs identified in the Vulnerable Products section for information about fixed software releases.

Customers should ensure their devices have sufficient memory and that the new releases support their hardware and software configurations.

Cisco’s prompt action in addressing the RADIUS protocol vulnerability underscores the importance of staying vigilant and updated on security advisories.

Customers are encouraged to regularly check Cisco’s Security Advisories page for updates and apply patches as soon as they are available to safeguard their networks.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....