Open5gs
CVE-2022-3299
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability.
AnalysisAI
A vulnerability was found in Open5GS up to 2.4.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-404. A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability. Affected products include: Open5Gs. Version information: up to 2.4.10..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
open5gs v2.6.4 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
Open5GS v2.6.4 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. Rated critical severity (CVSS 9.8
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. Rated high severity (CVS
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. Rated high sev
Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today