CVE-2023-37014

7.5 HIGH

📋 TL;DR

CVE-2023-37014 is a denial-of-service vulnerability in Open5GS MME where attackers can send malformed S1AP packets to crash the service. This affects cellular network operators using Open5GS MME versions 2.6.4 and earlier. The vulnerability allows remote attackers to disrupt mobile network connectivity.

💻 Affected Systems

Products:
  • Open5GS MME
Versions: <= 2.6.4
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with S1AP interface exposed and accessible to attackers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained MME crashes causing complete denial of mobile network services in affected cells, disrupting voice, data, and SMS services for all users.

🟠 Likely Case

Intermittent service disruptions as MME restarts, causing dropped calls, failed connections, and degraded network performance.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and response to attack attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires understanding of S1AP protocol and ability to send crafted packets to MME interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.5 or later

Vendor Advisory: https://github.com/open5gs/open5gs/security/advisories

Restart Required: Yes

Instructions:

1. Update Open5GS to version 2.6.5 or later.
2. Restart MME service.
3. Verify service is running correctly.

🔧 Temporary Workarounds

Network Segmentation

Linux

Restrict access to S1AP interface (port 36412) to trusted eNodeBs only using firewall rules.

iptables -A INPUT -p sctp --dport 36412 -s trusted_enodeb_ip -j ACCEPT
iptables -A INPUT -p sctp --dport 36412 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit S1AP interface exposure.
  • Deploy intrusion detection systems monitoring for malformed S1AP packets and implement rate limiting.

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs-mmed -v. If version <= 2.6.4, system is vulnerable.

Check Version:

open5gs-mmed -v

Verify Fix Applied:

After patching, verify version is >= 2.6.5 and test with legitimate S1AP traffic.
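
The version check and the S1AP firewall workaround above can be audited together; the script below is an added example, not code from this page or from the Open5GS project. It goes slightly beyond the page by comparing version fields numerically and by checking rule order. The banner format and the sample banner are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Open5GS project code): exposure checks for CVE-2023-37014.
FIXED_VERSION="2.6.5"   # first fixed release, per this page
S1AP_PORT=36412         # S1AP SCTP port, per this page

# Pull the first X.Y.Z triple out of version text. The exact banner format is
# an assumption, so match the triple rather than a field position (the product
# name "Open5GS" itself contains a digit).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# True (0) if $1 < $2, comparing each field numerically so 2.10.0 > 2.6.5.
version_lt() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print VULNERABLE, PATCHED or UNKNOWN for a version banner string.
mme_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo UNKNOWN
    elif version_lt "$v" "$FIXED_VERSION"; then echo VULNERABLE
    else echo PATCHED
    fi
}

# Audit `iptables -S INPUT` text on stdin: every ACCEPT for SCTP/36412 needs a
# source (-s), and a source-less DROP for the port must come after them.
# Broader ACCEPT rules that do not name the port are not analysed here.
s1ap_rules_ok() {
    awk -v port="$S1AP_PORT" '
        $0 ~ "-p sctp" && $0 ~ ("--dport " port "( |$)") {
            src = ($0 ~ / -s /)
            if (/-j ACCEPT/ && !src) wide = 1      # open to any sender
            if (/-j ACCEPT/ && dropped) late = 1   # unreachable allow rule
            if (/-j DROP/ && !src) dropped = 1
        }
        END { exit !(dropped && !wide && !late) }
    '
}

# On a host: mme_status "$(open5gs-mmed -v 2>&1)"; iptables -S INPUT | s1ap_rules_ok
mme_status "Open5GS daemon v2.6.4"   # constructed sample banner
```

s1ap_rules_ok returns 0 only when the allowlist-then-drop pattern from the workaround is present, so it can gate a deployment or monitoring check.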

📡 Detection & Monitoring

Log Indicators:

  • MME process crashes/restarts in system logs
  • ASN.1 parsing errors in Open5GS logs
  • Abnormal UE Context Release Request patterns

Network Indicators:

  • Malformed S1AP packets missing MME_UE_S1AP_ID field
  • High volume of UE Context Release Requests from single source

SIEM Query:

source="open5gs.log" AND ("assertion" OR "crash" OR ("S1AP" AND "malformed"))
