Denial of Service Flaw in Open5GS Affects Multiple Versions
CVE-2024-24429

8.6 HIGH

Key Information:

Vendor: Open5GS

Status
Vendor
CVE Published: 22 January 2025

What is CVE-2024-24429?

A denial-of-service vulnerability exists in the nas_eps_send_emm_to_esm function in Open5GS. An attacker can disrupt service by sending specially crafted NGAP packets. The vulnerability affects versions of Open5GS up to 2.6.4 and can be exploited to render the service inoperable, so affected deployments should be patched promptly.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
