CVE-2024-24424
📋 TL;DR
This vulnerability in Magma's decode_access_point_name_ie function allows attackers to trigger a reachable assertion via crafted NAS packets, causing a Denial of Service (DoS) that crashes the service. It affects Magma deployments up to version 1.8.0, primarily impacting cellular network operators and organizations using Magma for mobile core network functions.
💻 Affected Systems
- Magma
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of Magma's access point name decoding functionality, potentially affecting subscriber connectivity and network operations until service restart.
Likely Case
Service crash requiring manual intervention to restart Magma components, causing temporary service disruption for affected subscribers.
If Mitigated
Limited impact with proper network segmentation and packet filtering preventing malicious NAS packets from reaching vulnerable systems.
🎯 Exploit Status
Exploitation requires knowledge of NAS protocol and ability to send crafted packets to Magma interfaces. No authentication bypass is needed as NAS packets are typically processed without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.9 (specifically commit 08472ba98b8321f802e95f5622fa90fec2dea486)
Vendor Advisory: https://cellularsecurity.org/ransacked
Restart Required: No
Instructions:
1. Update Magma to version 1.9 or later.
2. Apply commit 08472ba98b8321f802e95f5622fa90fec2dea486 if backporting to earlier versions.
3. Verify the fix by checking the version and monitoring for crashes.
🔧 Temporary Workarounds
Network Segmentation and Filtering
Restrict access to Magma NAS interfaces to trusted network elements only using firewall rules and network segmentation.
# NAS messages reach the core inside S1AP, which runs over SCTP, so match sctp rather than tcp
iptables -A INPUT -p sctp --dport <magma_port> -s <trusted_ip> -j ACCEPT
iptables -A INPUT -p sctp --dport <magma_port> -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can send NAS packets to Magma components.
- Deploy intrusion detection systems to monitor for anomalous NAS packet patterns and implement automated alerting for Magma service crashes.
🔍 How to Verify
Check if Vulnerable:
Check Magma version: magma version | grep -i version. If version is 1.8.0 or earlier, the system is vulnerable.
Check Version:
magma version | grep -i version
Verify Fix Applied:
Verify version is 1.9 or later: magma version | grep -i version. Monitor system logs for absence of assertion failures in decode_access_point_name_ie function.
📡 Detection & Monitoring
Log Indicators:
- Assertion failures in Magma logs mentioning decode_access_point_name_ie
- Magma service crashes or restarts
- Error logs containing 'assertion failed' with stack traces
Network Indicators:
- Unusual NAS packet patterns to Magma interfaces
- High volume of malformed NAS packets
- Traffic from unexpected sources to Magma NAS ports
SIEM Query:
source="magma.log" AND "assertion failed" AND "decode_access_point_name_ie"
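The log indicators and SIEM query above can be combined into one correlation check: flag assertion failures that name decode_access_point_name_ie and note whether a crash or restart line follows shortly after. This is an added example, not code from Magma or from this page's source; the log line layout, the sample lines and the thresholds are assumptions to adapt to your own log pipeline.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The timestamp layout and message wording are
# assumptions for illustration, not Magma's actual log format.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z mme INFO attach request received
2024-01-10T09:00:02Z mme ERROR assertion failed in decode_access_point_name_ie
2024-01-10T09:00:05Z systemd INFO magma service restarted
2024-01-10T09:30:00Z mme ERROR assertion failed in unrelated_function
2024-01-10T10:00:00Z mme ERROR Assertion Failed: decode_access_point_name_ie len check
2024-01-10T10:00:01Z mme ERROR assertion failed in decode_access_point_name_ie
"""

FUNC = "decode_access_point_name_ie"
ASSERT_RE = re.compile(r"assertion failed", re.IGNORECASE)
RESTART_RE = re.compile(r"\b(restart(ed|ing)?|crash(ed)?)\b", re.IGNORECASE)

def parse(line):
    """Split '<ISO timestamp> <message>' into (datetime, message)."""
    ts, _, msg = line.partition(" ")
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), msg

def find_events(text, restart_window=timedelta(seconds=60)):
    """One dict per assertion hit on FUNC; restart_followed marks a likely crash."""
    rows = [parse(l) for l in text.splitlines() if l.strip()]
    events = []
    for i, (ts, msg) in enumerate(rows):
        if ASSERT_RE.search(msg) and FUNC in msg:
            followed = any(
                RESTART_RE.search(m) and timedelta(0) <= t - ts <= restart_window
                for t, m in rows[i + 1:])
            events.append({"time": ts, "restart_followed": followed, "line": msg})
    return events

def should_alert(events, threshold=2, window=timedelta(minutes=5)):
    """Alert on any confirmed crash, or on `threshold` hits inside `window`."""
    times = [e["time"] for e in events]
    burst = any(
        sum(1 for t in times if timedelta(0) <= t - t0 <= window) >= threshold
        for t0 in times)
    return any(e["restart_followed"] for e in events) or burst

if __name__ == "__main__":
    hits = find_events(SAMPLE_LOG)
    for e in hits:
        print(e["time"].isoformat(), "restart_followed=%s" % e["restart_followed"])
    print("alert:", should_alert(hits))
```
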