"Juniper Junos OS CVE-2024-3596 (Blast-RADIUS): RADIUS Auth Bypass in Subscriber Management"

Blast-RADIUS is a protocol-level weakness in RADIUS itself, not a single vendor bug. Juniper has confirmed that Junos OS and Junos OS Evolved are affected where RADIUS is used for subscriber management, and has shipped fixes plus a built-in mitigation. This post explains what is actually at risk, the versions to move to, and how to confirm whether your devices are exposed.
What happened
In July 2024, researchers disclosed Blast-RADIUS, assigned CVE-2024-3596. The flaw is in the RADIUS protocol as defined in RFC 2865: a RADIUS authenticator value is protected only by an MD5 hash. An on-path (man-in-the-middle) attacker who can intercept RADIUS traffic between a network access server (the RADIUS client) and the RADIUS server can use a chosen-prefix MD5 collision to forge a server response. In practice, that means turning an Access-Reject into an Access-Accept (or modifying Access-Challenge) without knowing the shared secret or any user password.
Because this is a protocol issue, it affects many vendors and many RADIUS implementations. Juniper published a coordinated out-of-cycle advisory in 2024 covering multiple products, and a specific 2025-07 bulletin addressing the subscriber management RADIUS path in Junos OS and Junos OS Evolved — the deployment pattern most relevant to broadband network gateway (BNG) and large access-aggregation environments.
The condition that makes a device exploitable is the absence of the RADIUS Message-Authenticator attribute enforcement. When that attribute is required on responses, the forgery technique does not work.
Affected products and versions
The Junos OS subscriber-management fix is delivered in the releases below. Devices running RADIUS for subscriber management on earlier releases are affected.
| Product | Affected | Fixed |
|---|---|---|
| Junos OS (subscriber mgmt) | Versions before 21.4R3-S11 | 21.4R3-S11 |
| Junos OS | 22.2 before 22.2R3-S7 | 22.2R3-S7 |
| Junos OS | 22.4 before 22.4R3-S7 | 22.4R3-S7 |
| Junos OS | 23.2 before 23.2R2-S4 | 23.2R2-S4 |
| Junos OS | 23.4 before 23.4R2-S5 | 23.4R2-S5 |
| Junos OS | 24.2 before 24.2R2-S1 | 24.2R2-S1 |
| Junos OS | 24.4 before 24.4R1-S3 / 24.4R2 | 24.4R1-S3, 24.4R2, 25.2R1 and later |
| Junos OS Evolved | 23.4-EVO before 23.4R2-S5-EVO | 23.4R2-S5-EVO |
| Junos OS Evolved | 24.2-EVO before 24.2R2-S1-EVO | 24.2R2-S1-EVO |
| Junos OS Evolved | 24.4-EVO before 24.4R1-S3-EVO / 24.4R2-EVO | 24.4R1-S3-EVO, 24.4R2-EVO, 25.1R1-EVO and later |
Note: the broader Blast-RADIUS issue touches additional Juniper products (for example Mist and other platforms that act as RADIUS clients) covered by Juniper's separate 2024 out-of-cycle advisory. This table reflects the subscriber-management bulletin specifically. Always confirm the exact fixed build for your platform and train against Juniper's advisory before scheduling an upgrade.
How serious is it
The National Vulnerability Database assigns CVE-2024-3596 a CVSS 3.1 base score of 9.0 (Critical), with vector AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. The "high attack complexity" reflects the prerequisites: the attacker must be positioned on the network path between the RADIUS client and server and must compute an MD5 collision within the request window. It is not a remote, point-and-click exploit. But where it succeeds, the impact is authentication bypass — an attacker can be granted access they should have been denied.
On exploitation status: as of this writing, CVE-2024-3596 is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and we found no credible reporting of in-the-wild exploitation. The original research team described a proof-of-concept that was kept private. Treat this as a serious flaw to remediate on a planned basis — not an emergency zero-day, but not one to leave indefinitely on the to-do list either, especially on infrastructure that authenticates large subscriber or user populations.
Am I exposed?
Work through these questions:
- Do you run Junos OS or Junos OS Evolved on a release older than the fixed builds above? If yes, you are potentially in scope.
- Do those devices use RADIUS for subscriber management / BNG? This bulletin is specifically about that path. (If you use RADIUS elsewhere in Junos or on other Juniper products, check Juniper's broader 2024 Blast-RADIUS advisory as well.)
- Is RADIUS traffic carried in cleartext UDP across any segment an attacker could reach? RADIUS between a NAS and server traversing untrusted or shared transport is the realistic attack surface. RADIUS confined to a hardened, isolated management segment is lower risk — but should still be patched.
- Is
Message-Authenticatorenforcement already in place? Devices that require the Message-Authenticator attribute on responses are protected against the forgery technique even before patching.
If RADIUS authentication is central to how your network grants access — service provider BNG, large campus, or any subscriber-facing edge — assume you need to act and verify version by version.
How to fix it
Patch to a fixed release. Upgrade affected devices to the corresponding fixed Junos OS or Junos OS Evolved build listed above (or a later release). The fixed releases introduce a message-authenticator configuration parameter under RADIUS server settings that is enabled by default, enforcing validation of the Message-Authenticator attribute on RADIUS responses. This is the durable remediation.
Interim mitigations if you cannot patch immediately:
- Enforce Message-Authenticator end to end. Configure both the RADIUS client (Junos) and the RADIUS server to require the Message-Authenticator attribute on all requests and responses. This is the protocol-level defense the researchers recommend and is what the patch enforces by default.
- Encrypt the RADIUS transport. Where supported, use RADIUS over TLS (RADSEC) so RADIUS exchanges are no longer carried as forgeable cleartext UDP. An attacker who cannot read or tamper with the exchange cannot mount the collision attack.
- Segment and restrict RADIUS paths. Keep RADIUS traffic on a dedicated, tightly controlled management network with no exposure to user or untrusted segments, reducing the opportunity for an on-path attacker.
Confirm your RADIUS server software is also patched and configured to send/require Message-Authenticator; this is a two-sided fix and patching only the Junos side is not sufficient if the server still omits the attribute.
How Uniqcli helps
Uniqcli is an authorized HPE, HPE Aruba Networking, and HPE Juniper Networking reseller serving US federal, SLED, healthcare, and enterprise customers. For CVE-2024-3596 we can help you:
- Assess exposure across your Juniper estate — identify which MX, BNG, and other Junos OS / Junos OS Evolved devices run affected releases and use RADIUS for subscriber management, and confirm whether Message-Authenticator enforcement is already in place.
- Plan and support the upgrade to fixed Junos releases, including maintenance-window sequencing for subscriber-facing edge devices where uptime matters.
- Source patched or replacement hardware when a device is at end of support, undersized for a current train, or needs refresh as part of remediation.
- Procure through your contract vehicle — TAA-compliant hardware available via GSA, NASA SEWP, and other federal and SLED pathways, with authorized warranty and genuine parts.
If RADIUS underpins access control on your network, contact Uniqcli to scope an exposure assessment and a remediation plan.
Sources
- Juniper 2025-07 Security Bulletin: Junos OS and Junos OS Evolved — RADIUS protocol for Subscriber Management (Blast-RADIUS) CVE-2024-3596
- Juniper 2024-09-30 Out of Cycle Security Advisory: Multiple Products — RADIUS protocol susceptible to forgery attacks (Blast-RADIUS) CVE-2024-3596
- NVD — CVE-2024-3596 Detail (CVSS 9.0 Critical)
- CERT/CC VU#456537 — RADIUS protocol susceptible to forgery attacks
- Blast-RADIUS research site (blastradius.fail)
- CISA Known Exploited Vulnerabilities Catalog
- Juniper Networks Security Advisories