| Title | N/A Open5GS <= v2.7.5 Denial of Service |
|---|
| Description | A denial of service vulnerability exists in Open5GS AMF (version v2.7.5 and earlier) caused by a failed assertion in the amf_ue module. This issue is triggered when a single UE and gNB repeatedly connect and disconnect in a short period under specific network conditions.
The flaw causes the AMF process to terminate unexpectedly due to an internal assertion failure related to AMF UE state handling. When continuous attach and detach procedures are simulated—typically lasting between 1 and 3 minutes—the AMF crashes, resulting in the gNB losing its connection and service disruption. This failure can be reproduced consistently using automated UE/gNB simulators or misbehaving network equipment.
An attacker can exploit this vulnerability remotely by triggering frequent UE registration and deregistration cycles, causing the AMF to crash repeatedly. This leads to denial of access for UEs and impacts core network functions such as registration, session management, and mobility procedures.
This vulnerability has been evaluated using the CVSS v4.0 scoring system and received a base score of 8.8 (High severity) with the following vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
The vulnerability is remotely exploitable without requiring any privileges or user interaction, and it has a low attack complexity. While it does not compromise user data confidentiality or integrity, it causes a high impact on both general availability and the availability of critical security-related functions in the 5G core network, specifically the AMF component that handles registration, authentication, and signaling management.
A successful exploit can cause persistent denial of network service by crashing the AMF, making this a highly impactful denial-of-service vulnerability that requires immediate attention in Open5GS-based deployments. |
|---|
| Source | ⚠️ https://github.com/open5gs/open5gs/issues/3980 |
|---|
| User | ZYC010101 (UID 88541) |
|---|
| Submission | 31/07/2025 07:40 AM (9 months ago) |
|---|
| Moderation | 09/08/2025 07:50 AM (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 319328 [Open5GS up to 2.7.5 AMF src/mme/esm-handler.c esm_handle_pdn_connectivity_request denial of service] |
|---|
| Points | 20 |
|---|