CVE-2022-24705

9.8 CRITICAL

📋 TL;DR

CVE-2022-24705 is a critical buffer overflow vulnerability in the rad_packet_recv function of accel-ppp's RADIUS packet handling. It allows remote attackers to execute arbitrary code or crash the service by sending specially crafted RADIUS packets. Organizations running accel-ppp servers with RADIUS authentication enabled are affected.

💻 Affected Systems

Products:
  • accel-ppp
Versions: All versions before commit 8a1a1a2 (specifically before the fix in pull request #35)
Operating Systems: Linux, BSD systems running accel-ppp
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects configurations using RADIUS authentication. PPPoE, L2TP, PPTP, and other protocols without RADIUS are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, allowing attackers to install malware, steal credentials, or pivot to other systems.

🟠 Likely Case

Service disruption through denial of service (crash) and potential information disclosure from memory corruption.

🟢 If Mitigated

Limited to service disruption if proper network segmentation and least privilege are implemented.

🌐 Internet-Facing: HIGH - RADIUS servers often face the internet for authentication, making them prime targets.
🏢 Internal Only: MEDIUM - Internal RADIUS servers could still be exploited by compromised internal hosts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - The vulnerability is a straightforward buffer overflow with public details.

Exploitation requires sending malformed RADIUS packets to the vulnerable service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 8a1a1a2 (pull request #35)

Vendor Advisory: https://github.com/accel-ppp/accel-ppp/pull/35

Restart Required: Yes

Instructions:

1. Update accel-ppp to a version that includes commit 8a1a1a2.
2. Rebuild from source if using a source distribution.
3. Restart the accel-ppp service.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict RADIUS traffic to trusted sources only using firewall rules.

iptables -A INPUT -p udp --dport 1812 -s trusted_ip -j ACCEPT
iptables -A INPUT -p udp --dport 1812 -j DROP

Disable RADIUS Authentication

all

Temporarily switch to local authentication or disable RADIUS if not essential.

# Edit accel-ppp config to remove or comment radius-server lines

🧯 If You Can't Patch

  • Implement strict network ACLs to allow RADIUS traffic only from authorized authentication sources.
  • Deploy intrusion prevention systems (IPS) to detect and block malformed RADIUS packets.

🔍 How to Verify

Check if Vulnerable:

Check the accel-ppp version or git commit hash. If the build predates commit 8a1a1a2 and RADIUS is in use, it is vulnerable.

Check Version:

accel-ppp --version 2>&1 | head -1

Verify Fix Applied:

Verify that accel-ppp is running a version that includes commit 8a1a1a2 or later. Test that RADIUS functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

  • accel-ppp crash logs
  • RADIUS authentication failures with malformed packets
  • kernel logs showing segmentation faults

Network Indicators:

  • Unusually large RADIUS packets (>4096 bytes)
  • RADIUS packets from unexpected sources
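
One way to turn the "malformed RADIUS packets" and ">4096 bytes" indicators into a concrete check on captured UDP payloads, as an added example (not accel-ppp's code and not the fix from pull request #35). It applies the RFC 2865 framing rules; the function names and sample packets are constructed for illustration.

```python
import struct

RADIUS_MIN_LEN = 20    # RFC 2865: code(1) + id(1) + length(2) + authenticator(16)
RADIUS_MAX_LEN = 4096  # RFC 2865 maximum packet length

def check_radius_datagram(data: bytes) -> list:
    """Return the structural problems found in one UDP payload ([] = well-formed)."""
    problems = []
    if len(data) > RADIUS_MAX_LEN:
        problems.append("datagram larger than 4096 bytes")
    if len(data) < RADIUS_MIN_LEN:
        return problems + ["datagram shorter than 20-byte header"]
    _code, _ident, length = struct.unpack("!BBH", data[:4])
    if not RADIUS_MIN_LEN <= length <= RADIUS_MAX_LEN:
        return problems + [f"length field {length} outside 20..4096"]
    if length > len(data):
        return problems + [f"length field {length} exceeds datagram size {len(data)}"]
    # Walk the attribute TLVs inside the declared length; bytes after it are padding.
    pos = RADIUS_MIN_LEN
    while pos < length:
        if length - pos < 2:
            problems.append(f"truncated attribute header at offset {pos}")
            break
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 2:  # the length byte counts the type and length bytes themselves
            problems.append(f"attribute {attr_type} at offset {pos} has length {attr_len} < 2")
            break
        if pos + attr_len > length:
            problems.append(f"attribute {attr_type} at offset {pos} overruns packet")
            break
        pos += attr_len
    return problems

def build(code, attrs=b"", length=None, pad=b""):
    """Build a sample packet with a zeroed authenticator (constructed test data)."""
    total = RADIUS_MIN_LEN + len(attrs) if length is None else length
    return struct.pack("!BBH", code, 1, total) + bytes(16) + attrs + pad

# Constructed samples: one well-formed packet and four framing violations.
SAMPLES = {
    "valid Access-Accept": build(2, b"\x12\x04ok"),
    "zero-length attribute": build(2, b"\x12\x00"),
    "attribute overruns": build(2, b"\x12\xff" + b"A" * 4),
    "length field too big": build(2, length=5000),
    "oversized datagram": build(2, pad=bytes(4100)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {check_radius_datagram(pkt) or 'ok'}")
```
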

SIEM Query:

source="accel-ppp" AND ("segmentation fault" OR "buffer overflow" OR "radius packet error")
