CVE-2023-37029

7.5 HIGH

📋 TL;DR

CVE-2023-37029 allows attackers to cause denial of service by sending oversized NAS packets to Magma MME, crashing it via assertion failure. This affects Magma cellular core network deployments running versions 1.8.0 or earlier. Attackers can exploit this from compromised base stations or unauthenticated devices within range.

💻 Affected Systems

Products:
  • Magma MME (Mobility Management Entity)
Versions: <= 1.8.0
Operating Systems: Linux (Magma typically runs on Linux-based systems)
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable Magma versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Sustained MME crashes causing complete cellular service disruption for affected base stations, potentially affecting thousands of users.

🟠 Likely Case: Intermittent service outages as attackers periodically crash the MME, degrading cellular network reliability.

🟢 If Mitigated: Minimal impact with proper network segmentation and monitoring to detect and block malicious traffic.

🌐 Internet-Facing: LOW (MME typically not directly internet-facing, but accessible via cellular interfaces)
🏢 Internal Only: HIGH (Attackers can exploit from within cellular network via base stations or devices)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires ability to send NAS packets to MME via cellular interface, either from compromised base station or spoofed device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9 (specifically commit 08472ba98b8321f802e95f5622fa90fec2dea486)

Vendor Advisory: https://cellularsecurity.org/ransacked

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update Magma to version 1.9 or later.
3. Restart the MME service.
4. Verify service functionality.

🔧 Temporary Workarounds

Network Traffic Filtering

Implement packet filtering to block oversized NAS packets at the network perimeter. NAS messages are carried inside S1AP over SCTP (port 36412 on the S1-MME interface), and the iptables `length` match applies to the whole IP packet, so this rule drops every large S1-MME packet, legitimate or not; test it against normal traffic before relying on it.

# Example iptables rule (adjust interface/ports and the length threshold to your deployment):
iptables -A INPUT -p sctp --dport 36412 -m length --length 2000:65535 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate MME from untrusted base stations
  • Deploy intrusion detection systems to monitor for abnormal NAS packet sizes and block malicious sources

🔍 How to Verify

Check if Vulnerable:

Check Magma version: magma version | grep -i version

Check Version:

magma version

Verify Fix Applied:

Verify version is >=1.9 and check MME logs for successful startup without assertion failures

📡 Detection & Monitoring

Log Indicators:

  • MME assertion failures
  • Process crashes with NAS packet handling errors
  • Repeated MME service restarts

Network Indicators:

  • Unusually large NAS packets (> typical MTU)
  • SCTP packets with abnormal payload sizes to port 36412

SIEM Query:

source="magma_mme.log" AND ("assertion" OR "crash" OR "abort") AND "NAS"

🔗 References
