Denial of Service Vulnerability in Athonet vEPC MME by Athonet
CVE-2024-24458

5.9MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Athonet Core
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-24458?

Athonet's vEPC MME v11.4.0 is susceptible to a vulnerability that allows attackers to exploit invalid memory access during the handling of ENB Configuration Transfer messages. By orchestrating multiple connection attempts with specially crafted payloads targeting invalid PLMN Identities, an attacker could prompt a Denial of Service, disrupting cellular network services and affecting user access. This risk underscores the importance of prompt security measures and updates in the affected systems.

Affected Version(s)

HPE Athonet Core HPE Athonet Core 11.0 <= 11.6

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024

HP (HP)

What is CVE-2024-24458?

Affected Version(s)

References

CVSS V3.1

Timeline