CVE-2024-24426
📋 TL;DR
This vulnerability allows attackers to cause denial of service in OpenAirInterface Magma and OAI EPC Federation by sending specially crafted NGAP packets. The reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function can crash the service, affecting telecommunications infrastructure using these specific versions.
💻 Affected Systems
- OpenAirInterface Magma
- OAI EPC Federation
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of cellular network functions, preventing user connectivity and network operations.
Likely Case
Service crashes requiring manual restart, causing temporary service outages.
If Mitigated
Limited impact with proper network segmentation and monitoring, allowing quick detection and recovery.
🎯 Exploit Status
Crafting NGAP packets requires protocol knowledge but tools exist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check latest releases on GitHub repositories
Vendor Advisory: https://github.com/OPENAIRINTERFACE/openair-epc-fed and https://github.com/magma/magma
Restart Required: Yes
Instructions:
1. Check current version.
2. Update to latest release from official repositories.
3. Restart affected services.
4. Verify fix.
🔧 Temporary Workarounds
Network Segmentation
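Restrict access to NGAP interfaces using firewall rules (Linux). The iptables rule below drops all SCTP traffic to port 38412, including connections from legitimate gNBs, so place ACCEPT rules for trusted peers ahead of it. A ufw rule given without a protocol covers only TCP and UDP, so the ufw line does not filter SCTP.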
iptables -A INPUT -p sctp --dport 38412 -j DROP
ufw deny 38412
Rate Limiting
Limit NGAP packet rate to reduce DoS impact (Linux). The limit applies to all sources combined, so legitimate NGAP traffic shares the same budget.
iptables -A INPUT -p sctp --dport 38412 -m limit --limit 10/second -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -j DROP
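An allowlist variant that combines the two workarounds above (network segmentation and rate limiting), as an added example that is not from the original page or from either project: it prints, without applying, one rate-limited ACCEPT rule per trusted gNB followed by the catch-all DROP. The function names and the 192.0.2.x gNB addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the NGAP port.
# gNB addresses are constructed (192.0.2.0/24 is documentation address space).

NGAP_PORT=38412       # SCTP port from the page's rules
NGAP_RATE=10/second   # same figure as the page's rate-limit rule

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one rate-limited ACCEPT per trusted gNB, then the catch-all DROP.
# Packets from a trusted gNB that exceed the rate fall through to the DROP.
# Prints nothing and fails if any address is malformed.
ngap_rules() {
    [ "$#" -gt 0 ] || { echo "no trusted gNB addresses given" >&2; return 1; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    done
    for addr in "$@"; do
        printf 'iptables -A INPUT -p sctp -s %s --dport %s -m limit --limit %s -j ACCEPT\n' \
            "$addr" "$NGAP_PORT" "$NGAP_RATE"
    done
    printf 'iptables -A INPUT -p sctp --dport %s -j DROP\n' "$NGAP_PORT"
}

# Review the output before applying it on the host that terminates NGAP.
ngap_rules 192.0.2.10 192.0.2.11
```

Rule order matters: the ACCEPT rules must be evaluated before the DROP, which is why the DROP is printed last.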
🧯 If You Can't Patch
- Implement strict network access controls to NGAP interfaces
- Deploy intrusion detection systems monitoring for abnormal NGAP traffic
🔍 How to Verify
Check if Vulnerable:
Check version numbers: Magma v1.8.0 or OAI EPC Federation v1.2.0
Check Version:
magma version or check package manager for installed version
Verify Fix Applied:
Verify version is updated beyond affected versions and test with normal NGAP traffic
📡 Detection & Monitoring
Log Indicators:
- Service crashes
- Assertion failures in logs
- NGAP protocol errors
Network Indicators:
- Abnormal NGAP packet patterns
- High rate of NGAP requests
- SCTP port 38412 anomalies
SIEM Query:
source="magma.log" AND ("assertion" OR "crash" OR "NGAP")