A critical privilege escalation vulnerability (CVE-2024-3596) was found in the RADIUS network authentication protocol. A remote attacker could exploit the vulnerability by modifying RADIUS response packets in transit between the client and the server, bypassing integrity and authentication checks without any valid credentials.
Reports indicated that a critical privilege escalation vulnerability (CVE-2024-3596) in the RADIUS network authentication protocol is being exploited in the wild to carry out Man-in-the-Middle (MitM) attacks and bypass integrity checks. System administrators are advised to take immediate action to patch their affected systems or follow the recommendations provided by the product vendors to mitigate the elevated risk of cyber attacks.
Successful exploitation of the vulnerability could lead to privilege escalation and spoofing on an affected system.
A non-exhaustive list of advisories published by product vendors is provided below. It is strongly recommended to consult product vendors to confirm whether the software products in use are affected and whether corresponding patches or mitigation measures are available. If so, system administrators should apply the patches when available or follow the recommendations provided by the product vendors to mitigate the risk.