RADIUS protocol forgery attacks vulnerability CVE-2024-3596 and impact on Siteminder

Article ID: 371651

Products

SITEMINDER

Issue/Introduction

Siteminder is impacted by the RADIUS protocol vulnerability CVE-2024-3596 whenever a RADIUS AuthScheme (CHAP/PAP Template or Radius Server Template) is configured. CVE-2024-3596 ("BlastRADIUS") lets an attacker positioned between a RADIUS client and its server forge a RADIUS/UDP response, for example turning an Access-Reject into an Access-Accept, by computing an MD5 chosen-prefix collision against the Response Authenticator, which is an unkeyed MD5 over the packet followed by the shared secret. A response whose Message-Authenticator attribute (HMAC-MD5 keyed with the shared secret) is present and verified cannot be forged this way, so the affected component is the Policy Server code path that sends RADIUS Access-Requests and accepts the server's responses on behalf of the configured AuthScheme.
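
To make the two integrity checks concrete, the following Python is an added example; it is not code from the Broadcom article or from Siteminder. It builds an Access-Reject the way a RADIUS server does (RFC 2865 Response Authenticator plus the RFC 2869 Message-Authenticator attribute) and then verifies responses the way a hardened client should. The shared secret, the identifier, the Request Authenticator and the Reply-Message text are constructed values, the MD5 collision step of the real attack is not reproduced, and nothing here describes how the Siteminder patch itself is implemented; the `classify` policy is a generic illustration of requiring Message-Authenticator, which is the mitigation published for the CVE.

```python
"""RADIUS response integrity checks relevant to CVE-2024-3596 (RFC 2865 / RFC 2869).

Added example; not code from the Broadcom article or from Siteminder.
The shared secret, Request Authenticator and attribute values below are constructed.
"""
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
ATTR_REPLY_MESSAGE = 18          # RFC 2865 section 5.18
ATTR_MESSAGE_AUTHENTICATOR = 80  # RFC 2869 section 5.14


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length counts the two header octets."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def decode_attrs(body: bytes):
    """Yield (type, value, offset-of-attribute-within-body); reject malformed lengths."""
    offset = 0
    while offset < len(body):
        if offset + 2 > len(body):
            raise ValueError("truncated attribute header")
        attr_type, length = body[offset], body[offset + 1]
        if length < 2 or offset + length > len(body):
            raise ValueError("malformed attribute length")
        yield attr_type, body[offset + 2:offset + length], offset
        offset += length


def build_response(code, identifier, request_auth, secret, attrs, include_message_authenticator=True):
    """Build an Access-Accept/Access-Reject the way a RADIUS server would.

    Message-Authenticator = HMAC-MD5(secret, Code|ID|Length|RequestAuth|Attributes) with its own
    value zeroed (RFC 2869 section 5.14); it is keyed, so an attacker without the secret cannot forge it.
    Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attributes|secret) (RFC 2865 section 3);
    this unkeyed MD5-with-secret-suffix construction is what CVE-2024-3596 defeats with a
    chosen-prefix collision.
    """
    body = attrs
    if include_message_authenticator:
        body = attrs + encode_attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", code, identifier, 20 + len(body))
    if include_message_authenticator:
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = attrs + encode_attr(ATTR_MESSAGE_AUTHENTICATOR, mac)
    response_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + response_auth + body


def verify_response(packet, request_auth, secret):
    """Run both client-side checks; returns a dict instead of raising."""
    result = {"code": None, "response_authenticator_ok": False, "message_authenticator": "missing"}
    if len(packet) < 20:
        return result
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return result
    result["code"] = code
    header, response_auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    result["response_authenticator_ok"] = hmac.compare_digest(expected, response_auth)
    try:
        for attr_type, value, offset in decode_attrs(body):
            if attr_type != ATTR_MESSAGE_AUTHENTICATOR:
                continue
            if len(value) != 16:
                result["message_authenticator"] = "bad"
                break
            # HMAC is computed with the attribute's own 16 value octets set to zero.
            zeroed = body[:offset + 2] + bytes(16) + body[offset + 18:]
            mac = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
            result["message_authenticator"] = "ok" if hmac.compare_digest(mac, value) else "bad"
            break
    except ValueError:
        result["message_authenticator"] = "bad"
    return result


def classify(packet, request_auth, secret, require_message_authenticator=True):
    """Client decision: 'accept', 'reject' or 'discard'.

    require_message_authenticator=True is the hardened setting: a response with no
    Message-Authenticator is dropped even when its Response Authenticator matches, which is
    what a CVE-2024-3596 forgery looks like, since the attacker cannot produce a valid HMAC.
    """
    r = verify_response(packet, request_auth, secret)
    if not r["response_authenticator_ok"] or r["message_authenticator"] == "bad":
        return "discard"
    if require_message_authenticator and r["message_authenticator"] != "ok":
        return "discard"
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(r["code"], "discard")


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed, not a real deployment secret
    request_auth = bytes(range(16))         # constructed Request Authenticator from the Access-Request
    reject = build_response(ACCESS_REJECT, 7, request_auth, secret, encode_attr(ATTR_REPLY_MESSAGE, b"denied"))
    forged = bytes([ACCESS_ACCEPT]) + reject[1:]   # attacker flips Code 3 -> 2; collision step not reproduced
    legacy = build_response(ACCESS_ACCEPT, 7, request_auth, secret, b"", include_message_authenticator=False)
    for name, pkt in (("genuine reject", reject), ("forged accept", forged), ("legacy accept", legacy)):
        print(name, verify_response(pkt, request_auth, secret), classify(pkt, request_auth, secret))
```

The "legacy accept" case is the one that matters for this CVE: its Response Authenticator verifies, so a client that checks only that field would honour it, while `classify` with the default `require_message_authenticator=True` discards it. Running the same packets with `require_message_authenticator=False` shows the permissive behaviour that the attack relies on.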

 

Environment

All supported Siteminder releases (12.8 SP6, 12.8 SP7, 12.8 SP8 and 12.8 SP8 CR01) 

Resolution

- The Broadcom Siteminder development team has published patches that remediate the vulnerability for the following Siteminder build variations:

1. all live SP GA versions;
2. the Container GA version;
3. NIN kits delivered on top of SP releases.

- Each patch contains the binaries to be deployed and a README.txt file with the deployment steps.

- The patches by version are listed below:

S.No  Service Pack   Patch Build number  Patch download link
1     12.8.0801 GA   12.8.0801.3013      https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99112207&os=MULTI-PLATFORM
2     12.8.08 GA     12.8.0800.2900      https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99112214&os=MULTI-PLATFORM
3     12.8.07 GA     12.8.0700.2768      https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99112215&os=MULTI-PLATFORM
4     12.8.06-A GA   12.8.0600.2665      https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99112216&os=MULTI-PLATFORM

 

- For any questions, please feel free to reach out to Broadcom Support for assistance.