Denial of Service Vulnerability in Athonet vEPC MME by Athonet
CVE-2024-24455

5.9MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Athonet Core
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-24455?

Athonet vEPC MME v11.4.0 experiences an issue due to invalid memory access when processing UE Context Release messages with malformed UE identifiers. This vulnerability can be exploited by attackers to repeatedly trigger connections and send specially crafted payloads, resulting in disruption of service within cellular networks. Effective network protections and timely updates are vital to mitigate the risks associated with this vulnerability.

Affected Version(s)

HPE Athonet Core HPE Athonet Core 11.0 <= 11.6

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024

HP (HP)

What is CVE-2024-24455?

Affected Version(s)

References

CVSS V3.1

Timeline