Vulnerabilities > Freeradius > Freeradius > 3.0.21

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-3596 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
network
high complexity
freeradius broadcom sonicwall CWE-924
critical
9.0
2023-01-17 CVE-2022-41860 Unspecified vulnerability in Freeradius
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries.
network
low complexity
freeradius
7.5
2023-01-17 CVE-2022-41861 Improper Input Validation vulnerability in Freeradius
A flaw was found in freeradius.
network
low complexity
freeradius CWE-20
6.5