Blast RADIUS attack can bypass authentication for clients
Briefly

If the vulnerability, rated 7.5 out of 10 on the CVSS severity scale and tracked as CVE-2024-3596, is exploited - and it's not that easy to pull off - attackers could theoretically access network devices and services without needing credentials.
Essentially, the flaw allows someone to log into a client device that relies on a remote RADIUS server to perform the authentication check - without the correct credentials.
The attack can occur at any hop along the network path, but it requires the attacker to act as a full network man-in-the-middle who can read, intercept, block, and modify inbound and outbound network packets.
Configuration or routing mistakes might unintentionally expose RADIUS traffic, enabling attackers to exploit DHCP or other mechanisms to gain access even with only partial network access.
Read at The Register