Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 1 changed file with 68 additions and 0 deletions.
docs/advisories/20240730002-Cisco-Critical-RADIUS-Protocol-Vulnerability.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# Cisco Critical RADIUS Protocol Vulnerability - 20240730002 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware of a vulnerability in the RADIUS protocol, a widely used authentication and authorization framework for network access. | ||
The vulnerability stems from a flaw in the MD5 Response Authenticator signature used in the RADIUS protocol. An attacker with network access can exploit this flaw to forge RADIUS responses, effectively bypassing authentication measures. This could lead to unauthorized access to sensitive network resources. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ----------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------------------ | | ||
**Endpoint Clients and Client Software** | | [CVE-2024-3596](https://nvd.nist.gov/vuln/detail/CVE-2024-3596) | N/A | N/A | | ||
| Duo Authentication Proxy | CSCwk87884 | ||
**Network and Content Security Devices** | ||
| Adaptive Security Appliance (ASA) | CSCwk71992 | ||
| Firepower Device Manager (FDM) | CSCwk69454 | ||
| Firepower Management Center (FMC) Software | CSCwk71817 | ||
| Firepower Threat Defense (FTD) Software | CSCwk67902 | ||
| Identity Services Engine (ISE) | CSCwk67747 | ||
| Secure Email Gateway | CSCwk70832 | ||
| Secure Email and Web Manager | CSCwk70833 | ||
| Secure Firewall | CSCwk67859 | ||
| Secure Network Analytics | CSCwk73619 | ||
| Secure Web Appliance | CSCwk70834 | ||
**Network Management and Provisioning** | ||
| Application Policy Infrastructure Controller (APIC) | CSCwk70836 | ||
| Crosswork Change Automation | CSCwk70850 | ||
| Nexus Dashboard, formerly Application Services Engine | CSCwk70840 | ||
| Prime Infrastructure | CSCwk79727 | ||
**Routing and Switching - Enterprise and Service Provider** | ||
| ASR 5000 Series Routers | CSCwk70831 | ||
| Catalyst Center | CSCwk70845 | ||
| Catalyst SD-WAN Controller, formerly SD-WAN vSmart | CSCwk70854 | ||
| Catalyst SD-WAN Manager, formerly SD-WAN vManage | CSCwk70854 | ||
| Catalyst SD-WAN Validator, formerly SD-WAN vBond | CSCwk70854 | ||
| GGSN Gateway GPRS Support Node | CSCwk70831 | ||
| IOS Software | CSCwk78278 | ||
| IOS XE Software | CSCwk70852 | ||
| IOS XR Software | CSCwk70236 | ||
| IOx Fog Director | CSCwk70851 | ||
| MDS 9000 Series Multilayer Switches | CSCwk70837 | ||
| Nexus 3000 Series Switches | CSCwk70839 | ||
| Nexus 7000 Series Switches | CSCwk70838 | ||
| Nexus 9000 Series Switches in standalone NX-OS mode | CSCwk70839 | ||
| PGW Packet Data Network Gateway | CSCwk70831 | ||
| SD-WAN vEdge Routers | CSCwk70854 | ||
| System Architecture Evolution (SAE) Gateway | CSCwk70831 | ||
| Ultra Packet Core | CSCwk70831 | ||
**Unified Computing** | ||
| Enterprise NFV Infrastructure Software (NFVIS) | CSCwk79647 | ||
| UCS Central Software | CSCwk71967 | ||
| UCS Manager | CSCwk70842 | ||
|
||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Cisco Security Advisory: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofing-july-2024-87cCDwZ3> | ||
|
||
## Additional References | ||
|
||
- Cybersecurity News: <https://securityonline.info/cisco-confirms-critical-radius-protocol-vulnerability-in-multi-products-patch-now/> | ||
- WA Cyber Security Unit (DGov Technical): <https://soc.cyber.wa.gov.au//advisories/20240718003-Cisco-Security-Advisories/?h=> |
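
Review bot: In the "What is vulnerable?" table, the CVE-2024-3596 row gives CVSS and Severity as N/A while the title calls the vulnerability Critical and the Recommendation sets a 48 hour timeframe; either fill in the score and severity or say in the Overview on what basis the advisory is rated critical. As the rows read here, the Version(s) column holds Cisco bug IDs (CSCwk87884 and so on) rather than versions, so the header should be renamed or the affected versions added. In Additional References, the WA Cyber Security Unit link points at 20240718003-Cisco-Security-Advisories rather than this advisory and carries a doubled slash (`//advisories`) and an empty `?h=` parameter; a relative link in the style of the Patch Management one would be cleaner. Minor wording: "within expected timeframe" should read "within the expected timeframe".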