CVE-2021-44108

7.5 HIGH

📋 TL;DR

This vulnerability in Open5GS allows remote attackers to cause a Denial of Service (DoS) by sending a specially crafted SBI request to the AMF component. The null pointer dereference causes the AMF service to crash, disrupting 5G network functionality. Any organization running vulnerable versions of Open5GS with AMF exposed to untrusted networks is affected.

💻 Affected Systems

Products:
  • Open5GS
Versions: 2.3.6 and earlier
Operating Systems: Linux, BSD-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with AMF component enabled and exposed to network requests. The vulnerability is in the SBI request handling code.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete disruption of 5G network services served by the affected AMF instance, potentially affecting multiple user devices and network functions.

🟠 Likely Case: AMF service crash requiring manual restart, causing temporary service disruption for connected devices.

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via network requests to the AMF SBI interface.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to disrupt services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending a crafted SBI request to the AMF interface, which is typically network-accessible. No authentication is required to trigger the null pointer dereference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.7 and later

Vendor Advisory: https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c

Restart Required: Yes

Instructions:

1. Update Open5GS to version 2.3.7 or later.
2. Apply the patch from commit d919b2744cd05abae043490f0a3dd1946c1ccb8c.
3. Restart the AMF service.
4. Verify the fix by checking the version and monitoring for crashes.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict network access to AMF SBI interface to trusted networks only

iptables -A INPUT -p tcp --dport [AMF_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [AMF_PORT] -j DROP

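Rate Limiting

linux

Implement rate limiting on the AMF SBI interface to limit the impact of DoS attempts. The limit is applied to new connections only, so packets on established connections are not throttled, and the second rule drops new connections above the limit; an ACCEPT rule with a limit does nothing on its own when the chain's default policy is ACCEPT. Rate limiting slows repeated attempts but does not stop a single crafted request from an allowed source.

iptables -A INPUT -p tcp --dport [AMF_PORT] -m conntrack --ctstate NEW -m limit --limit 10/minute --limit-burst 20 -j ACCEPT
iptables -A INPUT -p tcp --dport [AMF_PORT] -m conntrack --ctstate NEW -j DROP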

🧯 If You Can't Patch

  • Implement strict network access controls to limit AMF SBI interface exposure
  • Deploy monitoring and alerting for AMF service crashes with automated restart capabilities

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs-amfd --version. If version is 2.3.6 or earlier, the system is vulnerable.

Check Version:

open5gs-amfd --version

Verify Fix Applied:

After patching, verify version is 2.3.7 or later and monitor AMF service for stability. Test with normal SBI requests.

📡 Detection & Monitoring

Log Indicators:

  • AMF service crash logs
  • Segmentation fault errors in system logs
  • Unexpected AMF process termination

Network Indicators:

  • Unusual SBI request patterns to AMF port
  • Multiple connection attempts to AMF from single source

SIEM Query:

source="*amf*" AND ("segmentation fault" OR "null pointer" OR "crash" OR "terminated unexpectedly")
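
The log indicators above as a small detector, added here as an example and not part of the original advisory or of Open5GS. It matches the Linux kernel's x86 "segfault at" line and systemd's "Main process exited" line, which the literal phrases in the SIEM query would miss. The unit name open5gs-amfd.service, the 0x1000 null-page cutoff, the restart threshold and all sample lines are assumptions constructed for the example.

```python
import re

# Kernel line written when a process takes SIGSEGV (x86 format):
#   <comm>[<pid>]: segfault at <hex addr> ip <hex> sp <hex> error <n> in ...
KERNEL_SEGV = re.compile(
    r"(?P<comm>open5gs-amfd)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) ip ")
# systemd line written when the unit's main process dies on a signal.
# The unit name is an assumption; adjust it to the local service name.
SYSTEMD_EXIT = re.compile(
    r"open5gs-amfd\.service: Main process exited, "
    r"code=(?:killed|dumped), status=\d+/(?P<sig>[A-Z]+)")
NULL_PAGE = 0x1000  # assumed cutoff: lower fault addresses count as NULL-based


def classify(line):
    """Return a finding dict for an AMF crash line, or None for other lines."""
    m = KERNEL_SEGV.search(line)
    if m:
        addr = int(m.group("addr"), 16)
        return {"kind": "segfault", "pid": int(m.group("pid")),
                "fault_addr": addr, "null_deref": addr < NULL_PAGE}
    m = SYSTEMD_EXIT.search(line)
    if m:
        return {"kind": "unit_killed", "signal": m.group("sig")}
    return None


def scan(lines, restart_threshold=3):
    """Collect findings and flag repeated AMF segfaults (crash loop)."""
    findings = [f for f in map(classify, lines) if f]
    segv = [f for f in findings if f["kind"] == "segfault"]
    return {"findings": findings,
            "null_derefs": sum(f["null_deref"] for f in segv),
            "repeated": len(segv) >= restart_threshold}


# Constructed sample lines (not taken from a real system).
SAMPLE = [
    "Nov 20 10:01:02 core kernel: open5gs-amfd[2174]: segfault at 0 ip 000055d0c1a2b4c5 sp 00007ffd3e2a1b10 error 4 in open5gs-amfd[55d0c1a00000+90000]",
    "Nov 20 10:01:02 core systemd[1]: open5gs-amfd.service: Main process exited, code=killed, status=11/SEGV",
    "Nov 20 10:01:07 core kernel: open5gs-amfd[2201]: segfault at 18 ip 000055d0c1a2b4c5 sp 00007ffc11aa2b10 error 4 in open5gs-amfd[55d0c1a00000+90000]",
    "Nov 20 10:02:00 core open5gs-amfd[2230]: constructed non-crash message",
    "Nov 20 10:03:11 core kernel: nginx[900]: segfault at 7f00deadbeef ip 00007f00aa sp 00007ffe00 error 6 in nginx[400000+1000]",
]

if __name__ == "__main__":
    report = scan(SAMPLE, restart_threshold=2)
    for finding in report["findings"]:
        print(finding)
    print("null derefs:", report["null_derefs"], "repeated:", report["repeated"])
```

A fault address at or near 0 is consistent with a null pointer dereference, but it does not identify which request caused it; correlate the timestamp with SBI access logs.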
