
CVE-2024-3596

CVE Details

Visit the official vulnerability details page for CVE-2024-3596 to learn more.

Initial Publication

11/06/2024

Last Update

01/20/2025

Third Party Dependency

krb5-libs

NIST CVE Summary

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
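The forgery described above targets the RFC 2865 Response Authenticator, which is a plain MD5 digest over the response header, the Request Authenticator from the matching request, the response attributes and the shared secret. The following Python is an added illustration written for this page (it is not code from NIST, from the vendor, or from krb5-libs): it builds a RADIUS response exactly as RFC 2865 section 3 specifies the authenticator and performs the client-side verification a RADIUS client does. The shared secret, the Request Authenticator and the Reply-Message attribute are constructed sample values. The point it makes is that the integrity of an Access-Accept versus Access-Reject decision rests entirely on this MD5 value, which is why a chosen-prefix MD5 collision lets an on-path attacker swap one valid response for another.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (RFC 2865 section 3)
ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
ACCESS_CHALLENGE = 11

HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def encode_attributes(attrs):
    """Encode (type, value-bytes) pairs as RFC 2865 TLV attributes."""
    out = bytearray()
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value exceeds RFC 2865 limit")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return bytes(out)


def response_authenticator(code, identifier, request_auth, attributes, secret):
    """RFC 2865 section 3 ResponseAuth:
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    Note that the only secret input is the trailing shared secret; everything
    before it is either public or chosen by the sender of the request."""
    length = HEADER_LEN + len(attributes)
    header = struct.pack("!BBH", code, identifier, length)
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_response(code, identifier, request_auth, attrs, secret):
    """Server side: assemble a response packet with a valid Response Authenticator."""
    attributes = encode_attributes(attrs)
    auth = response_authenticator(code, identifier, request_auth, attributes, secret)
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attributes))
    return header + auth + attributes


def verify_response(packet, request_auth, secret):
    """Client side: recompute the Response Authenticator and compare it in
    constant time. Returns (ok, code); the client must only act on `code`
    when ok is True."""
    if len(packet) < HEADER_LEN:
        return False, None
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False, None
    received = packet[4:HEADER_LEN]
    attributes = packet[HEADER_LEN:]
    expected = response_authenticator(code, identifier, request_auth, attributes, secret)
    return hmac.compare_digest(received, expected), code


def sample_exchange():
    """Constructed sample: a server answers request ID 7 with Access-Accept.
    The secret and Request Authenticator are made-up test values."""
    secret = b"constructed-shared-secret"          # hypothetical shared secret
    request_auth = bytes(range(16))                # would be random in a real client
    reply = [(18, b"Welcome")]                     # Reply-Message attribute (type 18)
    packet = build_response(ACCESS_ACCEPT, 7, request_auth, reply, secret)
    return packet, request_auth, secret


if __name__ == "__main__":
    pkt, req_auth, secret = sample_exchange()
    print("genuine accept verifies:", verify_response(pkt, req_auth, secret))
    # Flipping only the Code byte without a matching MD5 value is rejected,
    # which is exactly the check a collision-based forgery is built to pass.
    naive_forgery = bytes([ACCESS_REJECT]) + pkt[1:]
    print("naive code flip verifies:", verify_response(naive_forgery, req_auth, secret))
```

Running the block shows the naive code flip failing verification; the CVE matters because the check is MD5 rather than a keyed MAC, so an attacker who can observe the Access-Request and sit on the path can, with a chosen-prefix collision, produce a different response whose authenticator the client accepts without knowing the secret.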

CVE Severity

9

Our Official Summary

With this vulnerability, an attacker can forge RADIUS responses, effectively bypassing authentication controls and gaining unauthorized access to network resources. The containers in which this is reported have controls that make it very difficult to satisfy the preconditions for exploiting this security bug. For example, to conduct a man-in-the-middle attack using this vulnerability, a user would first need high-privilege access to the containers and to the underlying cluster where they run. The impact of this bug on our product is low. Once the upstream fixes become available, we will adopt them.

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
| --- | --- | --- | --- | --- |
| 4.5.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.15 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.11 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.10 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.8 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.5 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |

Revision History

| Date | Revision |
| --- | --- |
| 01/20/2025 | Impacted versions changed from 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15 to 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20 |
| 01/16/2025 | Official summary added |
| 12/31/2024 | Advisory assigned with CRITICAL severity |
| 12/16/2024 | Impacted versions changed from 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 to 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15 |
| 11/15/2024 | Impacted versions changed from 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 |
| 11/15/2024 | Impacted versions changed from 4.5.5, 4.5.8, 4.4.20 to 4.5.5, 4.5.8, 4.4.20, 4.5.10 |
| 11/13/2024 | Impacted versions changed from 4.5.5, 4.5.8 to 4.5.5, 4.5.8, 4.4.20 |
| 11/10/2024 | Impacted versions changed from 4.5.5 to 4.5.5, 4.5.8 |