Summaryinfo

A vulnerability categorized as problematic has been discovered in O-RAN Near Realtime RIC - H-Release. The affected element is an unknown function of the component sim-e2-interface/e2mgr. The manipulation results in denial of service. This vulnerability was named CVE-2024-34035. There is no available exploit.

Detailsinfo

A vulnerability was found in O-RAN Near Realtime RIC - H-Release (affected version unknown). It has been classified as problematic. Affected is an unknown functionality of the component sim-e2-interface/e2mgr. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. CVE summarizes:

An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp.

The advisory is shared for download at jira.o-ran-sc.org. This vulnerability is traded as CVE-2024-34035 since 04/29/2024. There are neither technical details nor an exploit publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2024-53928). VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• O-RAN

Name

• Near Realtime RIC - H-Release

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion