CVE-2021-25863

8.8 HIGH

📋 TL;DR

Open5GS 2.1.3 has a default admin password and listens on all network interfaces, allowing attackers to gain administrative access to the 5G core network software. This affects all deployments using the default configuration without password changes or network restrictions.

💻 Affected Systems

Products:
  • Open5GS
Versions: 2.1.3 and likely earlier versions with the same default configuration
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable if using default admin password '1423' and service is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the 5G core network, allowing an attacker to intercept or modify traffic, disrupt services, or pivot to other network components.

🟠 Likely Case

Unauthorized administrative access leading to configuration changes, service disruption, or data exfiltration.

🟢 If Mitigated

No impact if password is changed and network access is properly restricted.

🌐 Internet-Facing: HIGH - The service listens on 0.0.0.0, exposing the admin interface to the internet if no firewall is configured.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit default credentials.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to port 3000 and knowledge of default credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.4 or later

Vendor Advisory: https://github.com/open5gs/open5gs/issues/764

Restart Required: Yes

Instructions:

1. Update Open5GS to version 2.1.4 or later.
2. Change default admin password.
3. Restart Open5GS services.

🔧 Temporary Workarounds

Change Admin Password (Linux)

Change the default admin password from '1423' to a strong, unique password.

# Use Open5GS admin interface or configuration files to change password

Restrict Network Access (Linux)

Configure firewall to restrict access to port 3000 to trusted networks only.

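# TRUSTED_NETWORK is a placeholder: substitute the management network in CIDR form.
# Order matters: the ACCEPT rule must be appended before the DROP rule.
sudo iptables -A INPUT -p tcp --dport 3000 -s TRUSTED_NETWORK -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 3000 -j DROP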

🧯 If You Can't Patch

  • Change default admin password immediately
  • Restrict network access to port 3000 using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check if Open5GS is listening on port 3000 and test authentication with default credentials 'admin:1423'.

Check Version:

open5gs --version

Verify Fix Applied:

Verify Open5GS version is 2.1.4+, default password no longer works, and port 3000 access is restricted.
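
The listener part of the checks above, as an added example that is not part of the advisory or of Open5GS: it reads `ss -ltn` output and flags wildcard binds on port 3000. The function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners on the admin port from `ss -ltn` output.
# Live use on the Open5GS host:  ss -ltn | classify_listeners
WEBUI_PORT=3000   # admin interface port named in the advisory

# Reads `ss -ltn` output on stdin; prints one line per listener on WEBUI_PORT:
#   EXPOSED  <addr:port>  bound to all interfaces (the vulnerable default)
#   LOOPBACK <addr:port>  reachable from the local host only
#   SPECIFIC <addr:port>  bound to one interface; firewall rules still apply
classify_listeners() {
    awk -v port="$WEBUI_PORT" '
        $1 == "LISTEN" {
            local_addr = $4
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            # Strip ":<port>" so IPv6 forms such as [::] survive intact.
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                print "EXPOSED " local_addr
            else if (addr ~ /^127\./ || addr == "[::1]")
                print "LOOPBACK " local_addr
            else
                print "SPECIFIC " local_addr
        }'
}

# Exit status 0 when no wildcard bind exists on WEBUI_PORT, 1 otherwise.
webui_bind_ok() {
    ! classify_listeners | grep -q '^EXPOSED '
}

# Constructed sample: default configuration, admin interface on all interfaces.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:3000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:27017    0.0.0.0:*'

# Constructed sample: admin interface rebound to loopback.
SAMPLE_HARDENED='LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*'

printf '%s\n' "$SAMPLE_DEFAULT" | classify_listeners
printf '%s\n' "$SAMPLE_HARDENED" | classify_listeners
```

A SPECIFIC or LOOPBACK result only describes the bind address; the password change and the firewall rules still need to be verified separately.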

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts on port 3000
  • Successful admin logins from unexpected sources

Network Indicators:

  • Unauthorized access attempts to port 3000
  • Traffic patterns suggesting admin interface compromise

SIEM Query:

destination_port:3000 AND (event_type:auth_failed OR event_type:auth_success)
