CVE-2024-24428
📋 TL;DR
A reachable assertion vulnerability in Open5GS's 5GMM decoding function allows attackers to cause denial of service by sending specially crafted NGAP packets. This affects Open5GS deployments up to version 2.6.4, potentially disrupting 5G core network services.
💻 Affected Systems
- Open5GS
📦 What is this software?
Open5gs by Open5gs
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of the Open5GS core network component, causing 5G service outages for all connected devices.
Likely Case
Targeted DoS attacks against specific Open5GS instances, causing temporary service interruptions until the process restarts.
If Mitigated
Limited impact with proper network segmentation and monitoring, allowing quick detection and recovery.
🎯 Exploit Status
Exploitation requires crafting NGAP packets but no authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.5 or later
Vendor Advisory: https://github.com/open5gs/open5gs/releases
Restart Required: Yes
Instructions:
1. Backup current configuration. 2. Update Open5GS to version 2.6.5 or later. 3. Restart Open5GS services. 4. Verify service functionality.
🔧 Temporary Workarounds
Network Filtering
allImplement network ACLs to restrict NGAP packet sources to trusted entities only.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Open5GS from untrusted networks.
- Deploy intrusion detection systems to monitor for anomalous NGAP traffic patterns.
🔍 How to Verify
Check if Vulnerable:
Check Open5GS version with: open5gs --versionCheck Version:
open5gs --versionVerify Fix Applied:
Confirm version is 2.6.5 or later and monitor for assertion failures in logs.📡 Detection & Monitoring
Log Indicators:
- Assertion failures in Open5GS logs
- Process crashes with oai_nas_5gmm_decode references
Network Indicators:
- Unusual NGAP packet patterns
- Spike in malformed 5G signaling traffic
SIEM Query:
source="open5gs.log" AND ("assertion" OR "oai_nas_5gmm_decode")