Open5gs
CVE-2023-37018
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Capability Info Indication message missing a required MME_UE_S1AP_ID field to repeatedly crash the MME, resulting in denial of service.
AnalysisAI
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-617. Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Capability Info Indication message missing a required MME_UE_S1AP_ID field to repeatedly crash the MME, resulting in denial of service. Affected products include: Open5Gs.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
open5gs v2.6.4 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
Open5GS v2.6.4 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. Rated critical severity (CVSS 9.8
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. Rated high severity (CVS
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. Rated high sev
Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
A buffer overflow vulnerability (CVSS 7.8) that allows a local attacker. Risk factors: public PoC available.
Same weakness CWE-617 – Reachable Assertion
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today