CVE-2023-37023

8.6 HIGH

📋 TL;DR

CVE-2023-37023 is a denial-of-service vulnerability in Open5GS MME where specially crafted Uplink NAS Transport packets without the MME_UE_S1AP_ID field cause the service to crash via a reachable assertion. This affects cellular network operators and organizations using Open5GS for 4G/5G core network testing or deployment. Attackers can repeatedly send malicious packets to disrupt mobile network connectivity.

💻 Affected Systems

Products:
  • Open5GS MME
Versions: <= 2.6.4
Operating Systems: Linux, BSD-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable Open5GS MME versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disruption of mobile network services in affected cells, preventing voice, data, and SMS services for all users in the impacted area until service restoration.

🟠 Likely Case

Intermittent service outages affecting mobile users, potentially causing dropped calls, failed data sessions, and degraded network performance.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, allowing quick detection and isolation of attack traffic.

🌐 Internet-Facing: MEDIUM - While MME interfaces are typically not directly internet-facing, they may be exposed in certain network architectures or through misconfigurations.
🏢 Internal Only: HIGH - The MME is a critical internal network component; authenticated attackers or compromised internal systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires network access to the MME interface and knowledge of NAS protocol. No authentication bypass is needed once network access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.5 and later

Vendor Advisory: https://github.com/open5gs/open5gs/releases

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Stop Open5GS services.
3. Update to Open5GS version 2.6.5 or later.
4. Restart Open5GS services.
5. Verify service functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to MME interfaces to only authorized network elements using firewall rules.

Rate Limiting

linux

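Implement rate limiting on SCTP port 36412 to limit the impact of DoS attempts. The limit match below counts every SCTP packet sent to the port, including signalling from authorized network elements, so size the rate against normal load before deploying it.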

iptables -A INPUT -p sctp --dport 36412 -m limit --limit 100/minute -j ACCEPT
iptables -A INPUT -p sctp --dport 36412 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to MME interfaces
  • Deploy intrusion detection systems to monitor for malicious NAS packets

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version: open5gs-mmed --version. If the version is <= 2.6.4, the system is vulnerable.

Check Version:

open5gs-mmed --version

Verify Fix Applied:

Verify version is >= 2.6.5 and monitor system logs for crashes after applying patch.
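
The version boundary above (<= 2.6.4 affected, >= 2.6.5 fixed) can be checked in a script, for example when auditing several hosts. This is an added example, not Open5GS code; the function names are hypothetical and it assumes the version output contains a MAJOR.MINOR.PATCH triple.

```sh
#!/bin/sh
# Classify an Open5GS version string against the boundary stated on this page:
# <= 2.6.4 is affected by CVE-2023-37023, >= 2.6.5 carries the fix.

# Extract the first MAJOR.MINOR.PATCH triple from arbitrary text.
# Assumption: the version output contains one (e.g. "v2.6.4").
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Compare two dotted triples field by field as numbers; prints -1, 0 or 1.
# A plain string comparison would wrongly rank 2.6.10 below 2.6.4.
compare_versions() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both triples into $1..$6
    IFS=$old_ifs
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        a=${pair%%:*}; b=${pair##*:}
        if [ "$a" -lt "$b" ]; then echo -1; return; fi
        if [ "$a" -gt "$b" ]; then echo 1; return; fi
    done
    echo 0
}

# Prints "vulnerable", "fixed" or "unknown" for the given version text.
# "unknown" means no version could be parsed; treat it as needing manual review.
classify_open5gs_version() {
    ver=$(extract_version "$1") || true
    if [ -z "$ver" ]; then echo unknown; return; fi
    if [ "$(compare_versions "$ver" 2.6.5)" -lt 0 ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Usage with the command from this page:
#   classify_open5gs_version "$(open5gs-mmed --version 2>&1)"
```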

📡 Detection & Monitoring

Log Indicators:

  • MME process crashes
  • Assertion failures in logs
  • Unexpected service restarts
  • Error messages about missing MME_UE_S1AP_ID

Network Indicators:

  • Unusual volume of Uplink NAS Transport packets
  • Packets missing expected fields
  • SCTP traffic spikes to port 36412

SIEM Query:

source="open5gs.log" AND ("assertion" OR "crash" OR "MME_UE_S1AP_ID missing")
