CVE-2024-24444

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in OpenAirInterface CN5G AMF allows attackers to cause denial of service by repeatedly establishing SCTP connections with the N2 interface. The improper handling of closed connections leads to resource exhaustion, affecting all deployments using vulnerable versions of oai-cn5g-amf.

💻 Affected Systems

Products:

• OpenAirInterface CN5G AMF (oai-cn5g-amf)

Versions: All versions up to v2.0.0

Operating Systems: Linux-based systems running OpenAirInterface

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects deployments with N2 interface exposed and SCTP connections enabled.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of the AMF component, preventing 5G network access for all users served by the affected instance.

🟠

Likely Case

Degraded performance and intermittent service outages as connection resources are exhausted.

🟢

If Mitigated

Minimal impact with proper network segmentation and connection rate limiting in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Attack requires ability to establish SCTP connections to the N2 interface, which is typically network-accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.0.1 or later

Vendor Advisory: http://openairinterface.com

Restart Required: Yes

Instructions:

1. Download latest version from OpenAirInterface repository. 2. Replace vulnerable oai-cn5g-amf component. 3. Restart AMF service.

🔧 Temporary Workarounds

Implement SCTP connection rate limiting

Linux

Limit the rate of incoming SCTP connections using firewall rules or network controls

Copy

iptables -A INPUT -p sctp --dport 38412 -m limit --limit 10/min -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -j DROP

🧯 If You Can't Patch

• Implement strict network segmentation to limit access to N2 interface
• Deploy intrusion prevention system with SCTP connection flood detection

🔍 How to Verify

Check if Vulnerable:

Copy

Check oai-cn5g-amf version: if version <= 2.0.0 and N2 interface is exposed, system is vulnerable.

Check Version:

Copy

oai-cn5g-amf --version

Verify Fix Applied:

Copy

Verify oai-cn5g-amf version is >= 2.0.1 and monitor for connection exhaustion events.

📡 Detection & Monitoring

Log Indicators:

• Unusually high SCTP connection establishment rates
• AMF service restart events
• Connection resource exhaustion warnings

Network Indicators:

• High volume of SCTP INIT packets to port 38412
• Repeated connection attempts from single sources

SIEM Query:

Copy

source="amf.log" AND ("connection limit" OR "resource exhausted" OR "SCTP flood")

📊 Metadata

CVE ID: CVE-2024-24444

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-775

EPSS Score: 0.25% exploit probability (48.4th percentile)

Published: January 21, 2025

Last Updated: February 10, 2025

🔗 References

• http://openairinterface.com
• https://cellularsecurity.org/ransacked
• https://cellularsecurity.org/ransacked

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON