Denial of Service Vulnerability in Athonet vEPC MME Network Components
CVE-2024-24452

5.9MEDIUM

Key Information:

Vendor

HP (HP)

Vendor
CVE Published:
15 November 2024

What is CVE-2024-24452?

An invalid memory access issue exists in Athonet's vEPC MME version 11.4.0, specifically linked to the handling of the ProtocolIE_ID field in E-RAB Release Indication messages. This vulnerability enables attackers to disrupt cellular network functionality by executing a series of unauthorized connection requests accompanied by specially crafted payloads, leading to potential service outages. Organizations utilizing this product should apply relevant security patches and practices to mitigate risks associated with potential service interruptions.

Affected Version(s)

HPE Athonet Core HPE Athonet Core 11.0 <= 11.6

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-24452 : Denial of Service Vulnerability in Athonet vEPC MME Network Components