RADIUS authentication bypass in Juniper Junos OS and Junos OS Evolved

1) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU94063

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2024-3596

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.

Mitigation

Update to the fixed version when available.

The vendor plans to address this vulnerability in the future releases.

Vulnerable software versions

Juniper Junos OS: 21.4R1 - 23.4R2-S2

Junos OS Evolved: 21.4R1-EVO - 23.4R2-S2-EVO

Junos cRPD: before 24.4R1

CPE2.3

• cpe:2.3:o:juniper_networks:juniper_junos_os:23.2R2-S2:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.4R3-S4:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:23.4R2-S2:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:23.4R2-S1:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:21.4R3-S8:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.4R3-S3:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.2R3-S4.11:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:21.4R3-S7.9:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:23.2R2-S1:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.4R3-S2:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.4R3-S1:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:21.4R3-S6:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.2R3-S3:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:23.2R1-S2:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.4R2-S2:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:23.2R1-S1:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:21.4R3-S5:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.2R3-S2:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.4R3-S4-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R2-S2-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:23.4R2-S2-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:23.4R2-S1-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.4R3-S3-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:21.4R3-S8-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R2-S1-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.4R3-S2-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:21.4R3-S7-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.2R3-S4-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:23.4R2-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.4R3-S1-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:21.4R3-S6-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R1-S2-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.2R3-S3-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:21.4R3-S5-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R2-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.4R2-S2-EVO:*:*:*:*:*:*:
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.4R3-EVO:*:*:*:*:*:*:

External links

http://supportportal.juniper.net/s/article/2024-09-30-Out-of-Cycle-Security-Advisory-Multiple-Products-RADIUS-protocol-susceptible-to-forgery-attacks-Blast-RADIUS-CVE-2024-3596

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.