DoS Vulnerability in Open5GS by Open5GS Developer
CVE-2024-24430

7.5HIGH

Key Information:

Vendor: Open5GS Developer
Status: Open5GS
Vendor: CVE Published:; 22 January 2025

🔔 Create Open5GS Developer Vulnerability Alert

What is CVE-2024-24430?

A reachable assertion in the mme_ue_find_by_imsi function of Open5GS versions earlier than 2.6.4 presents a potential Denial of Service threat. Attackers can exploit this vulnerability by sending specially crafted NAS packets, causing the system to become unresponsive. It is essential for organizations utilizing Open5GS to monitor their systems and apply any patches or upgrades to maintain security and ensure uninterrupted service.

References

https://cellularsecurity.org/ransacked

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jan 25, 2024