Denial of Service Vulnerability in Athonet vEPC MME
CVE-2024-24454

5.9MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Athonet Core
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-24454?

Athonet vEPC MME v11.4.0 is susceptible to a vulnerability that allows attackers to exploit an invalid memory access when processing ProtocolIE_ID fields in E-RAB Modify Request messages. This flaw can be leveraged to create a Denial of Service condition in cellular networks, where attackers can repeatedly initiate connections with carefully crafted payloads, potentially disrupting service and availability.

Affected Version(s)

HPE Athonet Core HPE Athonet Core 11.0 <= 11.6

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024

HP (HP)

What is CVE-2024-24454?

Affected Version(s)

References

CVSS V3.1

Timeline