CVE-2021-45462

7.5 HIGH

📋 TL;DR

CVE-2021-45462 is a denial-of-service vulnerability in Open5GS 2.4.0 where a malicious User Equipment (UE) can send a specially crafted packet to crash the SGW-U/UPF components. This affects 5G core network deployments using vulnerable Open5GS versions, potentially disrupting mobile data services.

💻 Affected Systems

Products:
  • Open5GS
Versions: 2.4.0 specifically
Operating Systems: Linux-based systems running Open5GS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with SGW-U/UPF components exposed to UE traffic. Requires packet processing capability from UE side.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of 5G data services in affected network segments, leading to widespread connectivity loss for mobile users.

🟠 Likely Case

Intermittent service outages affecting specific network nodes, requiring manual restart of crashed components.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing rapid detection and recovery.

🌐 Internet-Facing: MEDIUM - Requires UE access which could come from compromised devices or malicious users, but 5G networks typically have authentication layers.
🏢 Internal Only: HIGH - Once inside the network (via legitimate or compromised UE), exploitation is straightforward and can cause immediate service disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires UE access but the crash mechanism is straightforward once packet crafting is understood. No authentication bypass needed beyond normal UE access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit a0f2535cb5a29bba6dbbccdb90c74ccd770cc700 and later versions

Vendor Advisory: https://github.com/open5gs/open5gs/commit/a0f2535cb5a29bba6dbbccdb90c74ccd770cc700

Restart Required: Yes

Instructions:

1. Update Open5GS to a version that includes commit a0f2535cb5a29bba6dbbccdb90c74ccd770cc700.
2. Restart SGW-U/UPF components.
3. Verify no crashes occur during normal operation.

🔧 Temporary Workarounds

Network segmentation (platform: all)

Isolate SGW-U/UPF components from untrusted UE traffic using firewalls or network policies

Rate limiting (platform: linux)

Implement packet rate limiting on UE-facing interfaces to reduce attack surface

# Accept GTP-U (UDP port 2152) packets up to the rate limit
iptables -A INPUT -p udp --dport 2152 -m limit --limit 1000/min -j ACCEPT
# Drop GTP-U packets that exceed the limit
iptables -A INPUT -p udp --dport 2152 -j DROP

🧯 If You Can't Patch

  • Implement strict UE authentication and monitoring to detect anomalous packet patterns
  • Deploy redundant SGW-U/UPF instances with automatic failover to maintain service during crashes

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version: a system running 2.4.0 without the fix commit is vulnerable

Check Version:

open5gs-upfd -v
open5gs-sgwud -v

Verify Fix Applied:

Verify Open5GS version includes commit a0f2535cb5a29bba6dbbccdb90c74ccd770cc700 and monitor SGW-U/UPF processes for stability

📡 Detection & Monitoring

Log Indicators:

  • SGW-U/UPF process crashes in system logs
  • Abnormal termination messages in Open5GS logs
  • Sudden service interruption alerts

Network Indicators:

  • Unusual packet patterns from UE devices
  • Spike in malformed GTP-U packets
  • Service disruption reports from monitoring systems

SIEM Query:

source="open5gs.log" AND ("crash" OR "segmentation fault" OR "abnormal termination") AND (process="sgwu" OR process="upf")
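
Where no SIEM is available, the crash indicators above can be checked directly against journalctl output in its default short format. The script below is an added example, not code from the advisory or from the Open5GS project: it finds SGW-U/UPF exits caused by a crash signal and flags units that crash repeatedly. The unit names open5gs-upfd and open5gs-sgwud, the sample lines, the year, and the 10-minute / 2-crash threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed journal lines in systemd "short" format, not from a real system.
SAMPLE_LOG = """\
Jan 10 03:14:07 core1 systemd[1]: open5gs-upfd.service: Main process exited, code=killed, status=11/SEGV
Jan 10 03:14:07 core1 systemd[1]: open5gs-upfd.service: Failed with result 'signal'.
Jan 10 03:15:42 core1 systemd[1]: open5gs-upfd.service: Main process exited, code=dumped, status=6/ABRT
Jan 10 03:16:00 core1 systemd[1]: open5gs-smfd.service: Main process exited, code=exited, status=0/SUCCESS
Jan 10 03:20:11 core1 systemd[1]: open5gs-sgwud.service: Main process exited, code=killed, status=11/SEGV
Jan 10 04:40:00 core1 systemd[1]: open5gs-upfd.service: Main process exited, code=killed, status=15/TERM
"""

UNITS = {"open5gs-upfd", "open5gs-sgwud"}  # assumed unit names for UPF and SGW-U
CRASH_SIGNALS = {"SEGV", "ABRT", "BUS", "ILL", "FPE"}  # TERM/KILL are operator stops
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ systemd\[1\]: (?P<unit>[\w-]+)\.service: "
    r"Main process exited, code=(?:killed|dumped), status=\d+/(?P<sig>\w+)$"
)

def find_crashes(log_text, year=2022):
    """Return [(timestamp, unit, signal)] for crash exits; short format has no year."""
    crashes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["unit"] not in UNITS or m["sig"] not in CRASH_SIGNALS:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        crashes.append((ts, m["unit"], m["sig"]))
    return crashes

def repeated_crashes(crashes, window=timedelta(minutes=10), threshold=2):
    """Return units with at least `threshold` crashes inside one `window`."""
    by_unit = defaultdict(list)
    for ts, unit, _sig in crashes:
        by_unit[unit].append(ts)
    flagged = set()
    for unit, stamps in by_unit.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.add(unit)
                break
    return flagged

if __name__ == "__main__":
    events = find_crashes(SAMPLE_LOG)
    print(events, sorted(repeated_crashes(events)))
```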
