Lucene search
K

142 matches found

BDU FSTEC
BDU FSTEC
added 2025/05/16 12:0 a.m.6 views

The vulnerability in the message processing function of the RADIUS authentication, authorization, and accounting protocol implemented by the Cisco Identity Services Engine (ISE) platform for network connection policy management allows a perpetrator to cause a denial-of-service attack on a network access device (NAD).

The vulnerability of the message processing function in the implementation of the RADIUS authentication, authorization, and accounting protocol of the Cisco Identity Services Engine ISE platform is related to reading data beyond the buffer in memory. Exploiting this vulnerability could allow a...

8.6CVSS8.2AI score0.00667EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.14 views

Alibaba Cloud Linux 3 : 0159: freeradius:3.0 (ALINUX3-SA-2024:0159)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0159 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-3596: RADIUS Protocol under RFC 2865 is...

9CVSS7.9AI score0.14859EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.8 views

Alibaba Cloud Linux 3 : 0239: krb5 (ALINUX3-SA-2024:0239)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0239 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-3596: RADIUS Protocol under RFC 2865 is...

9CVSS7.9AI score0.14859EPSS
Exploits2References2
ICS
ICS
added 2025/05/13 12:0 a.m.8 views

Siemens SIPROTEC and SICAM

SUMMARY This advisory documents the impact of CVE-2024-3596 also dubbed "Blastradius", a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server the RADIUS client, e.g., a SICAM device...

9CVSS8.7AI score0.14859EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2025/04/03 12:0 a.m.10 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103014)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103014 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any val...

9CVSS7.6AI score0.14859EPSS
Exploits2References3
OSV
OSV
added 2025/03/12 5:15 a.m.9 views

AZL-58604 CVE-2025-24912 affecting package wpa_supplicant for versions less than 2.10-3

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...

3.7CVSS5.7AI score0.00716EPSS
Exploits0References1
OSV
OSV
added 2025/03/12 5:15 a.m.6 views

UBUNTU-CVE-2025-24912

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...

3.7CVSS5.8AI score0.00716EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.5 views

hostapd 安全漏洞

hostapd is a user space daemon for access points and authentication servers from the individual developer Jouni Malinen. A security vulnerability exists in hostapd version 2.11 and earlier, which stems from the improper handling of specially crafted RADIUS packets, which could lead to RADIUS...

3.7CVSS4.6AI score0.00716EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.29 views

Fortinet Fortigate RADIUS Protocol CVE-2024-3596 (FG-IR-24-255)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-255 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...

9CVSS8AI score0.14859EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.14 views

Fortinet FortiWeb RADIUS Protocol CVE-2024-3596 (FG-IR-24-255)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-255 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...

9CVSS8AI score0.14859EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-3596

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or...

9CVSS7.2AI score0.14859EPSS
Exploits2References3
OSV
OSV
added 2025/02/21 10:5 a.m.8 views

CLSA-2025-1740132301 krb5: Fix of CVE-2024-3596

CVE-2024-3596: Generate and verify message MACs in libkrad for vulnerability in RADIUS protocol which allows attackers to forge authentication responses...

9CVSS7.3AI score0.14859EPSS
Exploits2References1
OSV
OSV
added 2025/02/21 10:2 a.m.8 views

CLSA-2025-1740132172 krb5: Fix of CVE-2024-3596

CVE-2024-3596: Generate and verify message MACs in libkrad for vulnerability in RADIUS protocol which allows attackers to forge authentication responses...

9CVSS7.2AI score0.14859EPSS
Exploits2References1
OSV
OSV
added 2025/01/14 2:15 p.m.2 views

CVE-2024-46665

An insertion of sensitive information into sent data vulnerability CWE-201 in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests...

3.7CVSS5.8AI score0.00523EPSS
Exploits0References1
Redos
Redos
added 2024/12/11 12:0 a.m.15 views

ROS-20241211-12

A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through capture-replay of intercepted messages. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access by forging an authentication...

9CVSS7.7AI score0.14859EPSS
Exploits2
OSV
OSV
added 2024/12/02 5:17 p.m.6 views

MGASA-2024-0385 Updated krb5 packages fix security vulnerability

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...

9CVSS9.3AI score0.14859EPSS
Exploits2References3
Mageia
Mageia
added 2024/12/02 5:17 p.m.29 views

Updated krb5 packages fix security vulnerability

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...

9CVSS7.1AI score0.14859EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2024/11/26 12:0 a.m.15 views

Fortinet FortiProxy Out-of-bound Write in sslvpnd (FG-IR-24-255)

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. Note that Nessus has...

9CVSS7.9AI score0.14859EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2024/11/04 1:50 a.m.5 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

9CVSS7.2AI score0.14859EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2024/11/04 1:44 a.m.4 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

9CVSS7.2AI score0.14859EPSS
Exploits2References10
Rows per page
Query Builder