Denial of Service Vulnerability in Athonet vEPC MME Network Components
CVE-2024-24452
5.9MEDIUM
What is CVE-2024-24452?
An invalid memory access issue exists in Athonet's vEPC MME version 11.4.0, specifically linked to the handling of the ProtocolIE_ID field in E-RAB Release Indication messages. This vulnerability enables attackers to disrupt cellular network functionality by executing a series of unauthorized connection requests accompanied by specially crafted payloads, leading to potential service outages. Organizations utilizing this product should apply relevant security patches and practices to mitigate risks associated with potential service interruptions.
Affected Version(s)
HPE Athonet Core HPE Athonet Core 11.0 <= 11.6
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published