Cisco Critical RADIUS Protocol Vulnerability - 20240730002¶
Overview¶
The WA SOC has been made aware of a vulnerability in the RADIUS protocol, a widely used authentication and authorization framework for network access. The vulnerability stems from a flaw in the MD5 Response Authenticator signature used in the RADIUS protocol. An attacker with network access can exploit this flaw to forge RADIUS responses, effectively bypassing authentication measures. This could lead to unauthorized access to sensitive network resources.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Endpoint Clients and Client Software | CVE-2024-3596 | N/A | N/A | |
| Duo Authentication Proxy | CSCwk87884 | |||
| Network and Content Security Devices | ||||
| Adaptive Security Appliance (ASA) | CSCwk71992 | |||
| Firepower Device Manager (FDM) | CSCwk69454 | |||
| Firepower Management Center (FMC) Software | CSCwk71817 | |||
| Firepower Threat Defense (FTD) Software | CSCwk67902 | |||
| Identity Services Engine (ISE) | CSCwk67747 | |||
| Secure Email Gateway | CSCwk70832 | |||
| Secure Email and Web Manager | CSCwk70833 | |||
| Secure Firewall | CSCwk67859 | |||
| Secure Network Analytics | CSCwk73619 | |||
| Secure Web Appliance | CSCwk70834 | |||
| Network Management and Provisioning | ||||
| Application Policy Infrastructure Controller (APIC) | CSCwk70836 | |||
| Crosswork Change Automation | CSCwk70850 | |||
| Nexus Dashboard, formerly Application Services Engine | CSCwk70840 | |||
| Prime Infrastructure | CSCwk79727 | |||
| Routing and Switching - Enterprise and Service Provider | ||||
| ASR 5000 Series Routers | CSCwk70831 | |||
| Catalyst Center | CSCwk70845 | |||
| Catalyst SD-WAN Controller, formerly SD-WAN vSmart | CSCwk70854 | |||
| Catalyst SD-WAN Manager, formerly SD-WAN vManage | CSCwk70854 | |||
| Catalyst SD-WAN Validator, formerly SD-WAN vBond | CSCwk70854 | |||
| GGSN Gateway GPRS Support Node | CSCwk70831 | |||
| IOS Software | CSCwk78278 | |||
| IOS XE Software | CSCwk70852 | |||
| IOS XR Software | CSCwk70236 | |||
| IOx Fog Director | CSCwk70851 | |||
| MDS 9000 Series Multilayer Switches | CSCwk70837 | |||
| Nexus 3000 Series Switches | CSCwk70839 | |||
| Nexus 7000 Series Switches | CSCwk70838 | |||
| Nexus 9000 Series Switches in standalone NX-OS mode | CSCwk70839 | |||
| PGW Packet Data Network Gateway | CSCwk70831 | |||
| SD-WAN vEdge Routers | CSCwk70854 | |||
| System Architecture Evolution (SAE) Gateway | CSCwk70831 | |||
| Ultra Packet Core | CSCwk70831 | |||
| Unified Computing | ||||
| Enterprise NFV Infrastructure Software (NFVIS) | CSCwk79647 | |||
| UCS Central Software | CSCwk71967 | |||
| UCS Manager | CSCwk70842 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours (refer Patch Management):
- Cisco Security Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofing-july-2024-87cCDwZ3
Additional References¶
- Cybersecurity News: https://securityonline.info/cisco-confirms-critical-radius-protocol-vulnerability-in-multi-products-patch-now/
- WA Cyber Security Unit (DGov Technical): https://soc.cyber.wa.gov.au//advisories/20240718003-Cisco-Security-Advisories/?h=