Crafted Payload Can Cause Denial of Service to Cellular Network
CVE-2024-24453

5.9MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Athonet Core
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-24453?

An invalid memory access issue in Athonet's vEPC MME v11.4.0 when processing the ProtocolIE_ID field of the E-RAB NotToBeModifiedBearerModInd information element may allow attackers to disrupt cellular network operations. By repeatedly establishing connections and transmitting specially crafted payloads, adversaries could induce a Denial of Service, impacting the overall stability and accessibility of the network.

Affected Version(s)

HPE Athonet Core HPE Athonet Core 11.0 <= 11.6

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024

HP (HP)

What is CVE-2024-24453?

Affected Version(s)

References

CVSS V3.1

Timeline