Denial of Service Vulnerability in Athonet vEPC MME Software
CVE-2024-24459

5.9MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Athonet Core
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-24459?

Athonet vEPC MME version 11.4.0 is susceptible to a Denial of Service (DoS) vulnerability due to improper handling of the ProtocolIE_ID field within S1Setup Request messages. Attackers can exploit this weakness by repeatedly establishing connections and transmitting specially crafted payloads, which can lead to service disruption in cellular networks.

Affected Version(s)

HPE Athonet Core HPE Athonet Core 11.0 <= 11.6

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024

HP (HP)

What is CVE-2024-24459?

Affected Version(s)

References

CVSS V3.1

Timeline