Denial of Service Vulnerability in Open5GS MME Software by Open5GS
CVE-2023-37017

8.6HIGH

Key Information:

Vendor: Open5GS
Status: Open5GS MME
Vendor: CVE Published:; 22 January 2025

What is CVE-2023-37017?

The Open5GS MME software versions up to 2.6.4 are susceptible to a denial of service vulnerability that can be exploited through the transmission of malformed ASN.1 packets over the S1AP interface. Specifically, an attacker can craft an S1Setup Request message that omits the mandatory Global eNB ID field, leading to repeated crashes of the MME service. This results in significant disruption and unavailability for users relying on the affected software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cellularsecurity.org/ransacked

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jun 28, 2023

JSON

Open5GS

What is CVE-2023-37017?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.