CVE-2024-24432
📋 TL;DR
This vulnerability in Open5GS allows attackers to trigger a reachable assertion in the ogs_kdf_hash_mme function by sending a specially crafted NAS packet, causing a Denial of Service (DoS) crash. It affects Open5GS deployments handling cellular network signaling traffic. The impact is limited to service disruption rather than data compromise.
💻 Affected Systems
- Open5GS
📦 What is this software?
Open5gs by Open5gs
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage of the Open5GS MME component, disrupting cellular network connectivity for all users served by that instance.
Likely Case
Service disruption causing dropped connections and failed authentication attempts for cellular devices attempting to attach to the network.
If Mitigated
Minimal impact with proper network segmentation and monitoring that detects and blocks malicious NAS packets before reaching vulnerable systems.
🎯 Exploit Status
Exploitation requires sending a crafted NAS packet to the vulnerable function, which is relatively straightforward for attackers with network access to the MME interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.5 or later
Vendor Advisory: https://github.com/open5gs/open5gs/releases
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Stop Open5GS services.
3. Update to Open5GS 2.6.5 or newer using the package manager or source compilation.
4. Restart Open5GS services.
5. Verify service functionality.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to Open5GS MME NAS signaling interfaces to trusted network segments only (Linux):
iptables -A INPUT -p sctp --dport 36412 -s trusted_network -j ACCEPT
iptables -A INPUT -p sctp --dport 36412 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can send NAS packets to the MME interface
- Deploy intrusion detection/prevention systems to monitor for anomalous NAS packet patterns and block malicious traffic
🔍 How to Verify
Check if Vulnerable:
Check Open5GS version: open5gs-mmed --version or examine installed package version
Check Version:
open5gs-mmed --version 2>/dev/null | grep -o 'version [0-9.]*' || dpkg -l | grep open5gs || rpm -qa | grep open5gs
Verify Fix Applied:
Confirm version is 2.6.5 or higher and test with normal NAS signaling traffic
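The version check above can be scripted for a fleet. The following is an added example, not code from this advisory or from the Open5GS project: it compares whatever version string a host reports against the fixed release 2.6.5 component by component. The function names and the sample banner lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the Open5GS project).
# Function names and the sample banner strings are constructed assumptions.

FIXED_VERSION="2.6.5"   # fixed release named in this advisory

# Pull the first x.y.z number out of a --version banner or dpkg/rpm line.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 when $1 >= $2. Components are compared as integers, so 2.6.10
# ranks above 2.6.5 (a plain string comparison would rank it below).
version_ge() {
    IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
    [ "$a1" -ne "$b1" ] && { [ "$a1" -gt "$b1" ]; return; }
    [ "$a2" -ne "$b2" ] && { [ "$a2" -gt "$b2" ]; return; }
    [ "$a3" -ge "$b3" ]
}

# Print patched, vulnerable, or unknown for one line of version output.
classify_open5gs() {
    v=$(extract_version "$1") || true
    if [ -z "$v" ]; then
        echo unknown
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample inputs, one per line.
while IFS= read -r line; do
    printf '%-40s %s\n' "$line" "$(classify_open5gs "$line")"
done <<'EOF'
Open5GS daemon v2.6.4
open5gs-mme 2.6.10~focal amd64
open5gs not installed
EOF
```

An `unknown` result means no version number was found in the input and the host needs a manual check.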
📡 Detection & Monitoring
Log Indicators:
- Open5GS MME crash logs
- Assertion failure messages containing 'ogs_kdf_hash_mme'
- Abnormal service restarts
Network Indicators:
- Unusual NAS packet patterns from untrusted sources
- SCTP packets to port 36412 with malformed NAS messages
SIEM Query:
source="open5gs.log" AND ("assertion" OR "ogs_kdf_hash_mme" OR "MME crash")