CVE-2024-56921
Published: 03 February 2025
Description
An issue was discovered in Open5GS v2.7.2. An InitialUEMessage, Registration request sent at a specific time can crash the AMF due to incorrect error handling in the gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.
Security Summary
CVE-2024-56921 is a denial-of-service vulnerability in Open5GS version 2.7.2, affecting the AMF (Access and Mobility Management Function) component. The issue stems from incorrect error handling in the gmm_state_exception() function when processing a Nausf_UEAuthentication_Authenticate response. Specifically, an InitialUEMessage or Registration request sent at a precise moment can trigger this flaw, causing the AMF to crash. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-400 (Uncontrolled Resource Consumption).
The vulnerability can be exploited remotely over the network by unauthenticated attackers with no privileges or user interaction required. An attacker simply needs to send a crafted Registration request or InitialUEMessage at the exact moment when the AMF is expecting the authentication response, leading to an unhandled exception and process crash. Successful exploitation results in high-impact availability disruption, potentially denying service to legitimate UEs attempting to register on the 5G network.
Mitigation is available through a patch in Open5GS, as detailed in the commit at https://github.com/open5gs/open5gs/commit/f780f9af45c27b6f49987d96ba71dedb3dd85840. Additional details on the issue, including reproduction steps and discussion, are provided in the GitHub issue tracker at https://github.com/open5gs/open5gs/issues/3608. Security practitioners should update to a patched version of Open5GS beyond v2.7.2 to address this flaw.
Details
- CWE(s)