CVE-2024-24430

7.5 HIGH

📋 TL;DR

This vulnerability in Open5GS allows attackers to trigger a reachable assertion in the mme_ue_find_by_imsi function by sending a specially crafted NAS packet, causing a Denial of Service (DoS) that crashes the MME component. It affects all deployments running Open5GS versions up to and including 2.6.4. Mobile network operators and organizations using Open5GS for 4G/5G core networks are impacted.

💻 Affected Systems

Products:
  • Open5GS
Versions: <= 2.6.4
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: All Open5GS deployments with MME functionality enabled are vulnerable. The vulnerability is in the core MME component that handles NAS signaling.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of the mobile network's MME component, preventing new device attachments and mobility management functions across the entire network segment.

🟠 Likely Case

Targeted DoS attacks against specific MME instances causing service interruptions for users served by those instances, requiring manual restart of affected components.

🟢 If Mitigated

Limited impact to isolated MME instances with proper segmentation and redundancy, allowing traffic to fail over to unaffected instances.

🌐 Internet-Facing: MEDIUM - While the MME typically sits behind multiple network layers, NAS packets can originate from user equipment and traverse through network interfaces.
🏢 Internal Only: HIGH - The vulnerability is triggered by NAS packets which are core network protocol messages that flow within the mobile network infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a specific NAS packet but does not require authentication. Attackers need network access to send packets to the MME interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.5 or later

Vendor Advisory: https://open5gs.org/

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Stop Open5GS services.
3. Upgrade to Open5GS 2.6.5 or later.
4. Verify configuration compatibility.
5. Restart Open5GS services.

🔧 Temporary Workarounds

Network Segmentation

Linux

Restrict access to MME NAS interfaces to trusted network segments only. Replace trusted_network with the source address or CIDR range that is allowed to reach the MME:

iptables -A INPUT -p sctp --dport 36412 -s trusted_network -j ACCEPT
iptables -A INPUT -p sctp --dport 36412 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit which devices can send NAS packets to the MME
  • Deploy redundant MME instances with load balancing to maintain service during potential DoS events

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version with: open5gs-mmed --version

Check Version:

open5gs-mmed --version | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+'

Verify Fix Applied:

Verify version is 2.6.5 or later and monitor MME logs for assertion failures

📡 Detection & Monitoring

Log Indicators:

  • MME process crashes with assertion failure messages
  • Error logs containing 'mme_ue_find_by_imsi' and assertion failure
  • Increased restart frequency of mmed service

Network Indicators:

  • Unusual NAS packet patterns targeting MME
  • SCTP packets with malformed NAS messages to port 36412

SIEM Query:

process:open5gs-mmed AND (event:crash OR log_message:"assertion fail*")
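
The version check and the log indicators above can be combined into one triage helper. This is an added example, not code from Open5GS or from this advisory's source; the version banners, the log lines and the assumption that other text may sit between "assertion" and "fail" are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Open5GS project code. Sample inputs are constructed.
FIXED_VERSION="2.6.5"   # first fixed release according to this advisory

# Pull the first x.y.z version number out of a version banner.
extract_version() {
    printf '%s\n' "$1" | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_lt A B: succeed when x.y.z version A is numerically lower than B.
# Field-by-field integer comparison, so 2.10.0 is not treated as older than 2.6.5.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # now: a1 a2 a3 b1 b2 b3
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Succeed when the banner carries a version below the fixed release.
# A banner with no parsable version is reported as not affected; check it by hand.
is_affected() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] && version_lt "$ver" "$FIXED_VERSION"
}

# Count log lines on stdin that name mme_ue_find_by_imsi and report an assertion
# failure. Text is allowed between "assertion" and "fail" (assumed log wording).
count_assert_hits() {
    grep -i 'mme_ue_find_by_imsi' | grep -i -c -E 'assertion.*fail' || true
}

# Constructed MME log excerpt; real Open5GS log lines may be worded differently.
sample_log() {
    cat <<'EOF'
10:00:00 [mme] INFO: constructed line, normal operation
10:00:05 [mme] FATAL: mme_ue_find_by_imsi: Assertion `EXPR' failed. (constructed)
10:00:09 [mme] ERROR: constructed line, unrelated assertion failure elsewhere
EOF
}

for banner in "Open5GS daemon v2.6.4" "Open5GS daemon v2.6.5"; do  # constructed
    if is_affected "$banner"; then echo "$banner: affected"
    else echo "$banner: not affected"; fi
done
echo "matching assertion lines: $(sample_log | count_assert_hits)"
```

To use it on a live host, pass the output of the version command to is_affected and pipe the MME log file into count_assert_hits.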
