Denial of Service Vulnerability in Open5GS MME Software by Open5GS
CVE-2023-37017

8.6HIGH

Key Information:

Vendor: Open5GS
Status: Open5GS MME
Vendor: CVE Published:; 22 January 2025

What is CVE-2023-37017?

The Open5GS MME software versions up to 2.6.4 are susceptible to a denial of service vulnerability that can be exploited through the transmission of malformed ASN.1 packets over the S1AP interface. Specifically, an attacker can craft an S1Setup Request message that omits the mandatory Global eNB ID field, leading to repeated crashes of the MME service. This results in significant disruption and unavailability for users relying on the affected software.

References

https://cellularsecurity.org/ransacked

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jun 28, 2023