Buffer Overflow Vulnerability in Athonet MME Affecting Network Security
CVE-2024-24456

5.9MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Athonet Core
Vendor: CVE Published:; 31 March 2025

Summary

A vulnerability in the Athonet MME occurs when it processes a malformed E-RAB Release Command packet containing an invalid NAS PDU. This situation can trigger an immediate crash of the MME, which may stem from a buffer overflow condition. Such an incident could have serious implications for network operations, leading to potential service disruption.

Affected Version(s)

HPE Athonet Core HPE Athonet Core 11.0 <= 11.6

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Jan 25, 2024

Credit

This vulnerability was discovered by Bennett, N., Zhu, W., Simon, B., Kennedy, R., Enck, W., Traynor, P., Butler, K. (2024). RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces. https://nathanielbennett.com/publications/ransacked.pdf