_________________________/\\\\\\\\\\\______________________________________________________________________________________________________________________________________ _______________________/\\\/////////\\\____________________________________________________________________________________________________________________________________ ______________________\//\\\______\///____________________________________________________________/\\\_____/\\\_________/\\\__/\\\_________________________________________ _______________________\////\\\_____________/\\\\\\\\______/\\\\\\\\__/\\\____/\\\__/\\/\\\\\\\__\///___/\\\\\\\\\\\___\//\\\/\\\__________________________________________ __________________________\////\\\________/\\\/////\\\___/\\\//////__\/\\\___\/\\\_\/\\\/////\\\__/\\\_\////\\\////_____\//\\\\\___________________________________________ _____________________________\////\\\____/\\\\\\\\\\\___/\\\_________\/\\\___\/\\\_\/\\\___\///__\/\\\____\/\\\__________\//\\\____________________________________________ ______________________/\\\______\//\\\__\//\\///////___\//\\\________\/\\\___\/\\\_\/\\\_________\/\\\____\/\\\_/\\___/\\_/\\\_____________________________________________ _____________________\///\\\\\\\\\\\/____\//\\\\\\\\\\__\///\\\\\\\\_\//\\\\\\\\\__\/\\\_________\/\\\____\//\\\\\___\//\\\\/______________________________________________ _______________________\///////////_______\//////////_____\////////___\/////////___\///__________\///______\/////_____\////________________________________________________ _____________________________________________/\\\\\\\\\\\__________________/\\\_______________________________________________________________________________________________________ ___________________________________________/\\\/////////\\\_______________\/\\\_______________________________________________________________________________________________________ 
__________________________________________\//\\\______\///________________\/\\\_________________________/\\\_______________________________________/\\\_______________________________ ___________________________________________\////\\\__________/\\\____/\\\_\/\\\_________/\\\\\\\\\\__/\\\\\\\\\\\__/\\/\\\\\\\___/\\\\\\\\\_____/\\\\\\\\\\\_____/\\\\\\\\____________ ______________________________________________\////\\\______\/\\\___\/\\\_\/\\\\\\\\\__\/\\\//////__\////\\\////__\/\\\/////\\\_\////////\\\___\////\\\////____/\\\/////\\\___________ _________________________________________________\////\\\___\/\\\___\/\\\_\/\\\////\\\_\/\\\\\\\\\\____\/\\\______\/\\\___\///____/\\\\\\\\\\_____\/\\\_______/\\\\\\\\\\\____________ __________________________________________/\\\______\//\\\__\/\\\___\/\\\_\/\\\__\/\\\_\////////\\\____\/\\\_/\\__\/\\\__________/\\\/////\\\_____\/\\\_/\\__\//\\///////_____________ _________________________________________\///\\\\\\\\\\\/___\//\\\\\\\\\__\/\\\\\\\\\___/\\\\\\\\\\____\//\\\\\___\/\\\_________\//\\\\\\\\/\\____\//\\\\\____\//\\\\\\\\\\___________ ___________________________________________\///////////______\/////////___\/////////___\//////////______\/////____\///___________\////////\//______\/////______\//////////____________

CVE-2024-3596: RADIUS Protocol Authentication Bypass

CVE ID: CVE-2024-3596

Severity: CRITICAL | CVSS: 9.0

Sources: 2 different security sources

Let Me Explain What Happened

Let me walk you through something important that affects a protocol many organizations rely on every day. The RADIUS protocol—that's Remote Authentication Dial-In User Service, the system that's been handling network authentication since 1997—has a critical vulnerability that allows attackers to forge authentication responses. Think of it like this: imagine if someone could intercept a "yes, this person is allowed in" message from your security guard and change it to grant access to anyone they want. That's essentially what's happening here, and it's been given the name "BlastRADIUS" by the researchers who discovered it.

This vulnerability was publicly disclosed in July 2024, but we're seeing it resurface in recent security advisories as vendors continue to patch their affected products. CISA issued an advisory on December 16, 2025, specifically addressing Hitachi Energy products, and Cyble's vulnerability intelligence team flagged it again in their December 23, 2025 weekly roundup as part of over 2,400 tracked vulnerabilities that week.

A Bit More Detail

Here's what's really going on under the hood. The RADIUS protocol, as defined in RFC 2865, uses MD5 hashing to create what's called a "Response Authenticator": an MD5 digest over the response and the shared secret that is meant to prove the response came from the legitimate server and has not been altered. The problem is that MD5 is vulnerable to collision attacks, and researchers have demonstrated that an attacker positioned between the RADIUS client and server can use a chosen-prefix collision attack to modify any valid RADIUS response. They can turn an Access-Reject into an Access-Accept, or manipulate Access-Challenge responses to bypass authentication entirely.

What makes this particularly concerning is that the attacker does not need credentials or any prior access to the RADIUS server itself; what they need is network-level access to the path between the RADIUS client and server, which could be achieved through various means. The CVSS vector (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) tells us this is a network-based attack with high complexity that requires no privileges and no user interaction, with a changed scope and high impact on confidentiality, integrity, and availability.

The Technical Specifics

  • Attack Vector: Network (AV:N) - Can be exploited remotely
  • Attack Complexity: High (AC:H) - Requires specific conditions but is feasible
  • Privileges Required: None (PR:N) - No authentication needed to exploit
  • Scope: Changed (S:C) - Impact extends beyond the vulnerable component
  • Affected Products: Any implementation of the RADIUS protocol as specified in RFC 2865, including:
    • Hitachi Energy AFS 660-B/C/S
    • Hitachi Energy AFS 665-B/S
    • Hitachi Energy AFS 670 v2.0
    • Hitachi Energy AFR and AFF Series products
    • SonicWall products (see SNWLID-2024-0014)
    • NetApp products (see NTAP-20240822-0001)
    • Siemens products (see SSA-723487 and SSA-794185)
  • CWE Classification:
    • CWE-354: Improper Validation of Integrity Check Value
    • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
  • Root Cause: MD5 chosen-prefix collision attack against Response Authenticator signature
  • Research Details: Discovered by computer scientists at UC San Diego and documented at blastradius.fail

Understanding the Attack Mechanism

Let me break down how this attack actually works, because understanding it will help you protect against it. When a RADIUS server responds to an authentication request, it creates a Response Authenticator using MD5. This authenticator is supposed to prove that the response came from the legitimate server and hasn't been tampered with.

The researchers discovered that by exploiting MD5's collision vulnerabilities, an attacker who can intercept network traffic between the RADIUS client and server can craft a modified response that still produces a valid-looking authenticator. It's like being able to forge a wax seal on a letter—the recipient sees what looks like a legitimate seal, but the contents have been changed.

The attack requires the attacker to be in a man-in-the-middle position, which means they need to intercept traffic between your network access server (the RADIUS client) and your RADIUS server. This could happen through ARP spoofing, DNS hijacking, compromised network infrastructure, or other network-level attacks.

What You Should Do About This

  • Right Now - Immediate Actions:
    • Inventory your RADIUS infrastructure: Identify all RADIUS servers, clients, and the network paths between them. You need to know what you're protecting before you can protect it.
    • Review network segmentation: Ensure RADIUS traffic flows through trusted, monitored network segments. The attacker needs network access to exploit this, so limiting who can see that traffic is crucial.
    • Enable additional monitoring: Look for unusual authentication patterns, unexpected Access-Accept responses, or authentication attempts from unusual locations.
    • Check vendor advisories: If you're using Hitachi Energy, SonicWall, NetApp, or Siemens products, review their specific security advisories for patch availability and workarounds.
  • For the Long Term - Strategic Mitigations:
    • Migrate to RADIUS/TLS or RADIUS/DTLS: The IETF is working on deprecating traditional RADIUS in favor of these encrypted variants. Start planning your migration now—this is the real long-term solution.
    • Implement IPsec or other transport security: If you can't immediately migrate protocols, wrap your RADIUS traffic in IPsec tunnels to prevent man-in-the-middle attacks.
    • Apply vendor patches: As vendors release updates addressing CVE-2024-3596, test and deploy them in your environment. Check the Siemens advisories (SSA-723487 and SSA-794185), SonicWall PSIRT (SNWLID-2024-0014), and NetApp security advisory (NTAP-20240822-0001).
    • Consider alternative authentication: For new deployments, evaluate whether RADIUS is still the right choice or if more modern protocols like 802.1X with EAP-TLS might better serve your needs.
    • Strengthen network access controls: Implement strict controls on who can access network segments where RADIUS traffic flows. Use VLANs, ACLs, and network monitoring to detect potential man-in-the-middle positioning.

Detection and Hunting Guidance

Here's how you can look for potential exploitation attempts in your environment. While this attack is sophisticated and may not leave obvious traces, there are some indicators you can monitor:

  • Network-level detection:
    • Monitor for ARP spoofing or other man-in-the-middle attack indicators on network segments carrying RADIUS traffic
    • Look for duplicate IP addresses or MAC address changes that could indicate positioning for interception
    • Watch for unusual latency or packet loss on RADIUS traffic, which might indicate interception and manipulation
  • Authentication anomalies:
    • Unexpected Access-Accept responses for accounts that should have been denied
    • Authentication successes from unusual locations or at unusual times
    • Patterns of failed authentications followed by unexpected successes
  • Log correlation:
    • Compare RADIUS server logs with network access logs to identify discrepancies
    • Look for authentication events that appear in client logs but not in server logs (or vice versa)
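The log-correlation idea in the two bullets above, worked through as an added example (not code from the original post). The log lines are constructed key=value records, not the output of any particular RADIUS server or NAS; the parser and the field names `id`, `user`, `nas` and `result` are assumptions you would adapt to your own products' formats. The rule that matters most for this vulnerability is the one flagged as `forged_accept_suspected`: the server logged an Access-Reject, but the client acted on an Access-Accept for the same request.

```python
"""Correlate RADIUS server logs with NAS (RADIUS client) logs.

Added example; the log formats below are constructed and the field names are
assumptions. Surfaces responses the client acted on that the server never
sent, or sent with a different outcome.
"""
import re

FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample logs: timestamp, RADIUS Identifier, user, NAS address, outcome.
SERVER_LOG = """\
2025-12-16T10:00:01Z id=17 user=alice nas=10.0.0.5 result=Access-Accept
2025-12-16T10:00:05Z id=18 user=bob nas=10.0.0.5 result=Access-Reject
2025-12-16T10:00:09Z id=19 user=carol nas=10.0.0.5 result=Access-Reject
2025-12-16T10:00:15Z id=21 user=erin nas=10.0.0.6 result=Access-Accept
"""

NAS_LOG = """\
2025-12-16T10:00:01Z id=17 user=alice nas=10.0.0.5 result=Access-Accept
2025-12-16T10:00:05Z id=18 user=bob nas=10.0.0.5 result=Access-Accept
2025-12-16T10:00:09Z id=19 user=carol nas=10.0.0.5 result=Access-Reject
2025-12-16T10:00:12Z id=20 user=dave nas=10.0.0.5 result=Access-Accept
"""


def parse(log_text):
    """Parse key=value lines into dicts keyed by (nas, id, user).

    The RADIUS Identifier is only 8 bits and wraps quickly, so in production
    you would also bound the match by timestamp window.
    """
    events = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, rest = line.split(" ", 1)
        fields = dict(FIELD_RE.findall(rest))
        fields["ts"] = ts
        events[(fields["nas"], fields["id"], fields["user"])] = fields
    return events


def correlate(server_text, nas_text):
    """Return (kind, key, detail) findings for every discrepancy between logs."""
    server = parse(server_text)
    nas = parse(nas_text)
    findings = []
    for key, ev in nas.items():
        srv = server.get(key)
        if srv is None:
            # The client saw a response the server has no record of producing.
            kind = "accept_without_server_record" if ev["result"] == "Access-Accept" \
                else "missing_on_server"
            findings.append((kind, key, ev["ts"]))
        elif srv["result"] != ev["result"]:
            # Same request, different outcome on each side. Reject-on-server but
            # Accept-on-client is the pattern a forged response would leave.
            kind = "forged_accept_suspected" \
                if srv["result"] == "Access-Reject" and ev["result"] == "Access-Accept" \
                else "outcome_mismatch"
            findings.append((kind, key, f'server={srv["result"]} nas={ev["result"]}'))
    for key, srv in server.items():
        if key not in nas:
            # The server answered but the client never logged it (drop, or a
            # response replaced in transit before the client saw it).
            findings.append(("missing_on_client", key, srv["ts"]))
    return findings


if __name__ == "__main__":
    for kind, (nas_ip, ident, user), detail in correlate(SERVER_LOG, NAS_LOG):
        print(f"{kind:30} nas={nas_ip} id={ident} user={user} {detail}")
```

Run it as-is to see the three findings from the sample data; in a real deployment, feed it the two log exports for the same time window and treat `forged_accept_suspected` as an incident trigger rather than a statistic.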

Why This Matters Beyond the Technical Details

I want to take a moment to explain why this vulnerability is particularly significant. RADIUS has been a cornerstone of network authentication for nearly three decades. It's used in countless organizations for VPN access, wireless network authentication, network device management, and more. When a protocol this fundamental has a critical vulnerability, it affects a vast portion of the internet's infrastructure.

The fact that this vulnerability is in the protocol specification itself (RFC 2865) rather than in a particular implementation means that virtually every RADIUS deployment is potentially affected. This is why you're seeing advisories from so many different vendors—they're all implementing the same vulnerable protocol.

The research team at UC San Diego who discovered this vulnerability has done the community a great service by thoroughly documenting it and working with vendors on mitigations. Their website at blastradius.fail provides extensive technical details, and the IETF is now actively working on deprecating the vulnerable RADIUS protocol in favor of more secure alternatives.

Going Deeper: Advanced Technical Context

For those of you who want to understand the cryptographic details, here's what's happening. MD5 produces a 128-bit hash, and researchers have demonstrated chosen-prefix collision attacks where they can find two different messages that produce the same MD5 hash. In the context of RADIUS, the Response Authenticator is calculated as MD5(Code + ID + Length + Request Authenticator + Attributes + Secret).

The attack exploits the fact that an attacker who can predict or influence parts of this calculation can craft a collision that allows them to substitute their own response while maintaining a valid authenticator. The "chosen-prefix" aspect means they can choose specific prefixes for both the legitimate and malicious messages, then find collision blocks that make them hash to the same value.

This is why simply increasing key lengths or using stronger secrets doesn't fix the problem—the vulnerability is in the use of MD5 itself, which is cryptographically broken for this purpose. The solution requires either wrapping RADIUS in a secure transport (like TLS or IPsec) or migrating to protocols that use modern cryptographic primitives.
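To make the two pieces of the picture concrete, the Response Authenticator construction described in "Understanding the Attack Mechanism" and in the formula above, here is an added example (not code from the original post or from any RADIUS project) that builds a RADIUS response the way RFC 2865 specifies, verifies it, and then applies the HMAC-MD5 Message-Authenticator check from RFC 2869/RFC 3579. The post itself does not mention that attribute; requiring it on every packet is the interim hardening the BlastRADIUS researchers and RADIUS server vendors recommend for deployments that cannot yet move to RADIUS/TLS, because HMAC-MD5 is not affected by MD5 collision attacks. The shared secret, Identifier and Request Authenticator values are constructed; the function names are mine. The collision attack itself is not implemented, only the naive tamper that the checks are designed to catch.

```python
"""RFC 2865 Response Authenticator and RFC 2869/3579 Message-Authenticator.

Added example; packet values below (secret, identifier, request authenticator)
are constructed for illustration.
"""
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
REPLY_MESSAGE = 18            # RFC 2865 Reply-Message attribute
MESSAGE_AUTHENTICATOR = 80    # RFC 2869 section 5.14 attribute
HEADER_LEN = 20               # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def encode_attributes(attrs):
    """Encode (type, value) pairs as RADIUS TLVs; Length covers the 2-byte header."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def find_attribute(attributes, attr_type):
    """Return (offset, value) of the first attribute of attr_type, or None."""
    offset = 0
    while offset + 2 <= len(attributes):
        t, length = attributes[offset], attributes[offset + 1]
        if length < 2 or offset + length > len(attributes):
            raise ValueError("malformed attribute list")
        if t == attr_type:
            return offset, attributes[offset + 2:offset + length]
        offset += length
    return None


def response_authenticator(code, ident, request_auth, attributes, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def message_authenticator(code, ident, request_auth, attributes, secret):
    """RFC 3579 3.2: HMAC-MD5 keyed with the secret over the whole packet, with the
    Message-Authenticator value zeroed and the Request Authenticator in the
    Authenticator field (for responses as well as requests)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes))
    return hmac.new(secret, header + request_auth + attributes, hashlib.md5).digest()


def build_response(code, ident, request_auth, attrs, secret, with_message_auth=True):
    """Build an Access-Accept/Reject as an RFC-conformant server would."""
    attrs = list(attrs)
    if with_message_auth:
        # HMAC is computed with a 16-zero-byte placeholder, then filled in; the
        # Response Authenticator is computed afterwards over the final attributes.
        attrs.append((MESSAGE_AUTHENTICATOR, bytes(16)))
        mac = message_authenticator(code, ident, request_auth, encode_attributes(attrs), secret)
        attrs[-1] = (MESSAGE_AUTHENTICATOR, mac)
    attributes = encode_attributes(attrs)
    auth = response_authenticator(code, ident, request_auth, attributes, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes)) + auth + attributes


def _header_ok(packet):
    if len(packet) < HEADER_LEN:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    return (code, ident) if length == len(packet) else None


def verify_response_authenticator(packet, request_auth, secret):
    """The RFC 2865 check alone: the MD5 construction this CVE is about."""
    hdr = _header_ok(packet)
    if hdr is None:
        return False
    expected = response_authenticator(*hdr, request_auth, packet[HEADER_LEN:], secret)
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def verify_message_authenticator(packet, request_auth, secret):
    """HMAC-MD5 integrity check over the whole packet."""
    hdr = _header_ok(packet)
    if hdr is None:
        return False
    attributes = packet[HEADER_LEN:]
    found = find_attribute(attributes, MESSAGE_AUTHENTICATOR)
    if found is None or len(found[1]) != 16:
        return False
    offset, value = found
    zeroed = attributes[:offset + 2] + bytes(16) + attributes[offset + 18:]
    expected = message_authenticator(*hdr, request_auth, zeroed, secret)
    return hmac.compare_digest(expected, value)


def accept_response(packet, request_auth, secret, require_message_authenticator=True):
    """Client-side decision. With the strict flag, a response carrying no
    Message-Authenticator is dropped even if its Response Authenticator verifies."""
    try:
        if not verify_response_authenticator(packet, request_auth, secret):
            return False
        if find_attribute(packet[HEADER_LEN:], MESSAGE_AUTHENTICATOR) is None:
            return not require_message_authenticator
        return verify_message_authenticator(packet, request_auth, secret)
    except ValueError:
        return False


# Constructed sample values (not from any real deployment).
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))   # would be 16 random bytes in a real Access-Request


def demo():
    reject = [(REPLY_MESSAGE, b"denied")]
    legit = build_response(ACCESS_REJECT, 42, REQUEST_AUTH, reject, SECRET)
    legacy = build_response(ACCESS_REJECT, 42, REQUEST_AUTH, reject, SECRET, with_message_auth=False)
    tampered = bytes([ACCESS_ACCEPT]) + legit[1:]   # Code flipped, authenticators untouched
    return {
        "legit_ok": accept_response(legit, REQUEST_AUTH, SECRET),
        "tampered_ok": accept_response(tampered, REQUEST_AUTH, SECRET),
        "legacy_ok_permissive": accept_response(legacy, REQUEST_AUTH, SECRET, False),
        "legacy_ok_strict": accept_response(legacy, REQUEST_AUTH, SECRET),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The `legacy_ok_strict` case is the one to pay attention to: a response without a Message-Authenticator passes the RFC 2865 check, which is exactly the check the chosen-prefix collision defeats, and is rejected only because the client insists on the HMAC. That is the behaviour to look for in your own vendor's "require Message-Authenticator" option while the migration to RADIUS/TLS is planned.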

The Path Forward

If you're responsible for RADIUS infrastructure, here's my advice: treat this as a wake-up call to modernize your authentication infrastructure. The IETF draft for deprecating RADIUS (draft-ietf-radext-deprecating-radius) provides a roadmap for the industry's transition away from this protocol. While that transition will take years, you can start now by:

  • Documenting your current RADIUS usage and dependencies
  • Identifying which systems could migrate to more modern protocols
  • Implementing transport security for RADIUS traffic that must remain
  • Planning for eventual protocol migration in your infrastructure roadmap

Remember, security is a journey, not a destination. This vulnerability has existed in the protocol since 1997, but we're only now fully understanding its implications. That's how security research works—we continuously discover new attack techniques against old systems. The key is to respond thoughtfully and systematically, not to panic.

Where I Found This Information


Note: This is automated security intelligence based on multiple sources. Always test updates carefully before applying them everywhere, and consult your vendor's specific guidance for your products and environment.
