CVE-2023-46324

7.5 HIGH

📋 TL;DR

This vulnerability in free5GC UDM allows an invalid curve attack when using Go versions before 1.19. An attacker can send arbitrary SUCIs (Subscription Concealed Identifiers) to the UDM, which then attempts decryption using its private key and the attacker-supplied public key without first validating that public key. This affects free5GC UDM deployments running vulnerable versions with Go <1.19.
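The validation that an invalid curve attack relies on being absent, as an added example (not free5GC's code and not the change in the linked pull request): a peer public key is accepted for key agreement only after an explicit on-curve check. It assumes NIST P-256 and an uncompressed 65-byte point encoding; `onP256`, `decodePeerKey` and `sampleKey` are illustrative names.

```go
package main

import (
	"crypto/elliptic"
	"errors"
	"fmt"
	"math/big"
)

// onP256 checks y^2 == x^3 - 3x + b (mod p) explicitly, so the answer does
// not depend on how the Go release in use treats off-curve input.
func onP256(x, y *big.Int) bool {
	c := elliptic.P256().Params()
	inField := x.Cmp(c.P) < 0 && y.Cmp(c.P) < 0 // coordinates must be field elements
	lhs := new(big.Int).Mul(y, y)
	rhs := new(big.Int).Mul(x, x)
	rhs.Sub(rhs, big.NewInt(3)).Mul(rhs, x).Add(rhs, c.B) // (x^2 - 3)x + b
	return inField && lhs.Mod(lhs, c.P).Cmp(rhs.Mod(rhs, c.P)) == 0
}

// decodePeerKey parses 0x04 || X || Y (assumed wire format) and rejects off-curve points.
func decodePeerKey(raw []byte) (x, y *big.Int, err error) {
	if len(raw) != 65 || raw[0] != 0x04 {
		return nil, nil, errors.New("expected 65-byte uncompressed point")
	}
	x, y = new(big.Int).SetBytes(raw[1:33]), new(big.Int).SetBytes(raw[33:])
	if !onP256(x, y) {
		return nil, nil, errors.New("peer public key is not on P-256")
	}
	return x, y, nil
}

// sampleKey builds a constructed input: the base point, optionally pushed off the curve.
func sampleKey(tamper bool) []byte {
	c := elliptic.P256().Params()
	raw := append([]byte{0x04}, c.Gx.FillBytes(make([]byte, 32))...)
	raw = append(raw, c.Gy.FillBytes(make([]byte, 32))...)
	if tamper {
		raw[64] ^= 0x01
	}
	return raw
}

func main() {
	_, _, errGood := decodePeerKey(sampleKey(false))
	_, _, errBad := decodePeerKey(sampleKey(true))
	fmt.Println("valid:", errGood, "| tampered:", errBad)
}
```

Only a key returned without error should reach the shared-secret computation; a rejected key should fail the request before the private key is used.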

💻 Affected Systems

Products:
  • free5GC UDM
Versions: All versions before 1.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when using Go versions before 1.19. The vulnerability is in the SUCI decryption component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Private key compromise leading to decryption of sensitive subscriber data, authentication bypass, and potential 5G network compromise.

🟠 Likely Case

Information disclosure of subscriber identifiers and potential denial of service through resource exhaustion.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, though risk remains if vulnerable components are exposed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Attack requires sending specially crafted SUCIs to the UDM endpoint. The vulnerability is well-documented with technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.0

Vendor Advisory: https://github.com/free5gc/udm/pull/20

Restart Required: Yes

Instructions:

1. Update free5GC UDM to version 1.2.0 or later.
2. Ensure Go version 1.19 or later is installed.
3. Restart the UDM service.

🔧 Temporary Workarounds

Upgrade Go Runtime

linux

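Update Go to version 1.19 or later, which includes fixes for elliptic curve validation. Go binaries are statically compiled, so the UDM binary must be rebuilt with the updated toolchain for the change to take effect.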

go version
sudo apt-get update && sudo apt-get install golang-1.19

Network Segmentation

all

Restrict access to UDM SUCI endpoints to trusted networks only.

🧯 If You Can't Patch

  • Implement strict network access controls to limit UDM exposure to untrusted networks.
  • Deploy intrusion detection systems to monitor for anomalous SUCI traffic patterns.

🔍 How to Verify

Check if Vulnerable:

Check the UDM version and the Go version:

1. Verify UDM version <1.2.0.
2. Verify Go version <1.19.

Check Version:

udm --version && go version

Verify Fix Applied:

Confirm UDM version >=1.2.0 and Go version >=1.19 are installed and running.

📡 Detection & Monitoring

Log Indicators:

  • Unusual volume of SUCI decryption requests
  • Failed decryption attempts with malformed public keys
  • Errors in suci.go related to elliptic curve operations

Network Indicators:

  • High frequency of SUCI messages to UDM endpoints
  • Unusual source IPs sending SUCI requests

SIEM Query:

source="udm.log" AND ("SUCI" OR "decryption" OR "elliptic") AND ("error" OR "failed" OR "invalid")
