CVE-2024-3596
CVE Details
Visit the official vulnerability details page for CVE-2024-3596 to learn more.
Initial Publication
11/06/2024
Last Update
01/16/2025
Third Party Dependency
krb5-libs
NIST CVE Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CVE Severity
Our Official Summary
With this vulnerability, an attacker can forge RADIUS responses, effectively bypassing authentication controls and gaining unauthorized access to network resources. The containers in which this is reported have controls that make it very difficult to satisfy the preconditions for exploiting this security bug. For example, to conduct a man-in-the-middle attack using this vulnerability, a user has to obtain high-privilege access to the containers and the underlying cluster where they are running. The impact of this bug on our product is low. Once the upstream fixes become available, we will adopt them.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.5.15 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.11 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.10 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.8 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.5 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|
01/16/2025 | Official summary added |
12/31/2024 | Advisory assigned with CRITICAL severity |
12/16/2024 | Impacted versions changed from 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 to 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15 |
11/15/2024 | Impacted versions changed from 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 |
11/15/2024 | Impacted versions changed from 4.5.5, 4.5.8, 4.4.20 to 4.5.5, 4.5.8, 4.4.20, 4.5.10 |
11/13/2024 | Impacted versions changed from 4.5.5, 4.5.8 to 4.5.5, 4.5.8, 4.4.20 |
11/10/2024 | Impacted versions changed from 4.5.5 to 4.5.5, 4.5.8 |