CVE-2024-24429

HighPublic PoC

Published: 22 January 2025

Published

22 January 2025

Modified

22 April 2025

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score 0.0018 39.0th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.

Security Summary

CVE-2024-24429 is a reachable assertion vulnerability in the nas_eps_send_emm_to_esm function within Open5GS versions up to and including 2.6.4. This flaw allows attackers to trigger a Denial of Service (DoS) condition through a specially crafted NGAP packet. The vulnerability is rated with a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-617 (Reachable Assertion). It was published on 2025-01-22.

Unauthenticated attackers with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. By sending a malicious NGAP packet to a vulnerable Open5GS instance, an attacker can cause the assertion to fail, leading to a crash and high-impact availability disruption. The changed scope (S:C) indicates potential effects beyond the vulnerable component.

Mitigation details and further advisories are available at https://cellularsecurity.org/ransacked.

Details

CWE(s): CWE-617

Affected Products

open5gs

≤ 2.6.4

References

https://cellularsecurity.org/ransacked
Exploit, Technical Description, Third Party Advisory · cve@mitre.org