A high-severity vulnerability has been found in the RADIUS protocol that affects the Symantec Strong Authentication product.
What is the vulnerability?
The RADIUS protocol has a critical issue that impacts RADIUS transport over insecure networks, particularly when using RADIUS over UDP or TCP.
This problem enables a man-in-the-middle attacker to forge a valid Access-Reject response to a client request that the RADIUS server has denied. In other words, the attacker can change an Access-Reject to an Access-Accept by using a malicious Proxy-State attribute and altering the packet contents. As a result, the attacker can access the protected resources and devices for which the RADIUS client authenticates.
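A client-side check for the forged response described above, as an added example that is not part of the original advisory or Symantec's code: it verifies the RFC 2865 Response Authenticator, requires a valid Message-Authenticator attribute (the HMAC-MD5 integrity attribute from RFC 3579), and flags a Proxy-State attribute in a reply to a request that carried none. The function names and sample packets are constructed for illustration, and treating an unexpected Proxy-State as suspicious is an assumption of this example.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3          # RFC 2865 packet codes
PROXY_STATE, MESSAGE_AUTHENTICATOR = 33, 80  # attribute types

def parse_attrs(body):
    """Split the attribute section into (type, value, value_offset) tuples."""
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs.append((body[i], body[i + 2:i + body[i + 1]], i + 2))
        i += body[i + 1]
    return attrs

def check_response(resp, request_auth, secret, request_had_proxy_state=False):
    """Return findings for one RADIUS response; an empty list means it passed."""
    if len(resp) < 20 or struct.unpack("!H", resp[2:4])[0] != len(resp):
        return ["bad length"]
    findings, head, body = [], resp[:4], resp[20:]
    # RFC 2865: MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)
    expected = hashlib.md5(head + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, resp[4:20]):
        findings.append("response authenticator mismatch")
    attrs = parse_attrs(body)
    ma = [(v, off) for t, v, off in attrs if t == MESSAGE_AUTHENTICATOR]
    if not ma:
        findings.append("no Message-Authenticator")
    else:
        value, off = ma[0]
        # HMAC-MD5 over the packet with the attribute value zeroed (RFC 3579)
        zeroed = body[:off] + b"\x00" * 16 + body[off + len(value):]
        mac = hmac.new(secret, head + request_auth + zeroed, hashlib.md5).digest()
        if len(value) != 16 or not hmac.compare_digest(mac, value):
            findings.append("Message-Authenticator invalid")
    if not request_had_proxy_state and any(t == PROXY_STATE for t, _, _ in attrs):
        findings.append("unexpected Proxy-State")
    return findings

def build_response(code, ident, request_auth, attrs, secret, sign=True):
    """Build a constructed sample packet for exercising the checks above."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if sign:
        body = bytes([MESSAGE_AUTHENTICATOR, 18]) + b"\x00" * 16 + body
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    if sign:
        mac = hmac.new(secret, head + request_auth + body, hashlib.md5).digest()
        body = body[:2] + mac + body[18:]
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body
```

A client that drops any response with a non-empty findings list rejects both the unsigned reply and the reply whose code byte was altered in transit.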
All supported Strong Authentication versions (9.1.x)
Symantec Advanced Authentication
https://www.cve.org/CVERecord?id=CVE-2024-3596
NIST URL for CVE-2024-3596 - https://nvd.nist.gov/vuln/detail/CVE-2024-3596