CVE-2024-24430 in Open5GS
Summary
by MITRE • 01/22/2025
A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
Analysis
by VulDB Data Team • 01/22/2025
The vulnerability identified as CVE-2024-24430 represents a critical denial of service weakness within the Open5GS network function software version 2.6.4 and earlier. This flaw manifests in the mme_ue_find_by_imsi function, where an assertion can be triggered by a carefully constructed NAS packet. The issue stems from insufficient input validation and error handling mechanisms within the Mobility Management Entity (MME) component of the Open5GS platform, which serves as a core element in 5G core network implementations.
The technical nature of this vulnerability falls under CWE-617, which addresses reachable assertions that can be exploited by attackers to cause program termination or unexpected behavior. When an attacker crafts a malicious NAS packet containing specific parameters that bypass normal validation checks, the assertion within the mme_ue_find_by_imsi function is triggered. This assertion failure results in immediate process termination and subsequent denial of service for legitimate users within the network. The vulnerability operates at the network protocol level, specifically targeting the Mobility Management Entity, which handles user equipment registration and mobility management procedures in 5G networks.
From an operational perspective, this vulnerability poses significant risk to network availability and service continuity for operators deploying Open5GS versions up to 2.6.4. The attack vector requires minimal sophistication as it only necessitates sending a crafted NAS packet to the target system, making it particularly dangerous in production environments where network availability is paramount. The impact extends beyond simple service disruption to potentially affecting network integrity and user experience, as legitimate users may lose connectivity during the DoS event. This vulnerability directly aligns with ATT&CK technique T1499.004 which covers network denial of service attacks, and represents a critical weakness in the network infrastructure that could be exploited by threat actors to disrupt services.
Mitigation strategies for CVE-2024-24430 primarily involve immediate upgrade to Open5GS version 2.6.5 or later, where the assertion handling has been properly addressed. Network administrators should implement monitoring solutions to detect unusual NAS packet patterns that might indicate exploitation attempts. Additionally, deploying intrusion detection systems that can identify malformed NAS packets and implementing rate limiting mechanisms for incoming network traffic can provide additional defensive layers. The fix implemented in newer versions addresses the root cause by strengthening input validation and ensuring proper error handling within the mme_ue_find_by_imsi function, preventing the assertion from being triggered by malformed inputs while maintaining normal operational functionality. Organizations should also conduct thorough testing of upgraded systems to ensure compatibility and proper functionality of their 5G core network infrastructure.
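The CWE-617 pattern and the validation-based fix described above, as an added illustration that is not Open5GS source code. All names, the IMSI length limit, and the preconditions being checked are assumptions, since the page does not state which condition the real assertion tests.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IMSI_MAX_LEN 8 /* assumption: 15 BCD digits packed into 8 bytes */
enum lookup_status { LOOKUP_FOUND, LOOKUP_UNKNOWN, LOOKUP_MALFORMED };

/* Hypothetical UE table with one constructed entry; not Open5GS structures. */
struct ue_ctx { uint8_t imsi[IMSI_MAX_LEN]; size_t imsi_len; int id; };
static struct ue_ctx ue_table[] = {
    { {0x09, 0x10, 0x10, 0x00, 0x00, 0x00, 0x00, 0x10}, 8, 1 },
};

static struct ue_ctx *lookup(const uint8_t *imsi, size_t len)
{
    for (size_t i = 0; i < sizeof(ue_table) / sizeof(ue_table[0]); i++)
        if (ue_table[i].imsi_len == len && memcmp(ue_table[i].imsi, imsi, len) == 0)
            return &ue_table[i];
    return NULL;
}

/* CWE-617 pattern: preconditions on message-derived values are enforced
 * with assert(), so one bad message aborts the process for every subscriber. */
struct ue_ctx *find_by_imsi_asserting(const uint8_t *imsi, size_t len)
{
    assert(imsi != NULL);
    assert(len > 0 && len <= IMSI_MAX_LEN);
    return lookup(imsi, len);
}

/* Hardened form: the same preconditions become a per-message error that the
 * caller can log and reject while the daemon keeps serving other UEs. */
enum lookup_status find_by_imsi_checked(const uint8_t *imsi, size_t len,
                                        struct ue_ctx **out)
{
    *out = NULL;
    if (imsi == NULL || len == 0 || len > IMSI_MAX_LEN)
        return LOOKUP_MALFORMED;
    *out = lookup(imsi, len);
    return *out ? LOOKUP_FOUND : LOOKUP_UNKNOWN;
}

int main(void)
{
    struct ue_ctx *ue;
    uint8_t empty[1] = {0};
    return find_by_imsi_checked(empty, 0, &ue) == LOOKUP_MALFORMED ? 0 : 1;
}
```

Counting LOOKUP_MALFORMED results per peer gives operators a signal for the malformed-packet monitoring mentioned above, which a crashing assertion cannot provide.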