CVE-2024-24445
📋 TL;DR
OpenAirInterface CN5G AMF versions up to 2.0.0 contain a null pointer dereference vulnerability when processing unsupported NGAP protocol messages. An attacker with network-adjacent access can crash the AMF service, causing denial of service for 5G core network functions. This affects all deployments using vulnerable oai-cn5g-amf software.
💻 Affected Systems
- OpenAirInterface CN5G AMF (oai-cn5g-amf)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete AMF service crash leading to loss of 5G network registration and mobility management for all connected devices in the affected area.
Likely Case
Service disruption requiring AMF restart, causing temporary loss of 5G connectivity for users until service is restored.
If Mitigated
Limited impact if network segmentation prevents adjacent attacker access, though service could still crash from legitimate but malformed traffic.
🎯 Exploit Status
Exploitation requires sending specially crafted NGAP messages but doesn't require authentication. The vulnerability is simple to trigger once an attacker has network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: > 2.0.0
Vendor Advisory: http://openairinterface.com
Restart Required: Yes
Instructions:
1. Check current version with 'amf --version'.
2. Update to latest version from OpenAirInterface repository.
3. Restart AMF service with 'systemctl restart oai-amf' or equivalent.
🔧 Temporary Workarounds
Network Segmentation
Linux: restrict network access to the AMF service to authorized 5G core components only
iptables -A INPUT -p sctp --dport 38412 -s <trusted_gNB_IP> -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit AMF exposure to only necessary gNBs and core components.
- Deploy intrusion detection systems to monitor for unusual NGAP message patterns and implement rate limiting.
🔍 How to Verify
Check if Vulnerable:
Check the AMF version with 'amf --version' or examine the package version. If the version is 2.0.0 or earlier, the system is vulnerable.
Check Version:
amf --version
Verify Fix Applied:
After patching, verify that the version is >2.0.0 and test with legitimate NGAP traffic to ensure the AMF remains stable.
📡 Detection & Monitoring
Log Indicators:
- AMF crash logs
- Segmentation fault errors in system logs
- Unexpected AMF service restarts
Network Indicators:
- Unusual NGAP message patterns
- SCTP connections with malformed procedure codes
- Sudden drop in AMF service availability
SIEM Query:
source="amf.log" AND ("segmentation fault" OR "null pointer" OR "unsupported procedure")
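The SIEM query above matches each indicator in isolation. The following added example (not code from this page's source or from OpenAirInterface) correlates them instead, marking a crash as linked when an "unsupported procedure" entry appears shortly before it. The log line format, the 10-second window and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Indicator strings taken from the SIEM query on this page.
PRECURSOR = re.compile(r"unsupported procedure", re.I)
CRASH = re.compile(r"segmentation fault|null pointer", re.I)
# Assumed line format (constructed for this example): "<ISO timestamp> <message>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+(.*)$")


def correlate(lines, window=timedelta(seconds=10)):
    """Return one record per crash line, noting whether an
    'unsupported procedure' line preceded it within `window`."""
    last_precursor = None  # (timestamp, message) of the most recent precursor
    incidents = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        msg = m.group(2)
        if CRASH.search(msg):
            linked = (last_precursor is not None
                      and ts - last_precursor[0] <= window)
            incidents.append({
                "crash_at": ts,
                "crash_msg": msg,
                "precursor": last_precursor[1] if linked else None,
            })
            last_precursor = None  # one precursor explains at most one crash
        elif PRECURSOR.search(msg):
            last_precursor = (ts, msg)
    return incidents

# Constructed sample log lines (not real AMF output).
SAMPLE = """\
2024-03-01T10:00:00 amf[811]: NGAP association established with gNB
2024-03-01T10:00:05 amf[811]: NGAP unsupported procedure code received
2024-03-01T10:00:05 kernel: amf[811]: segmentation fault at 0
2024-03-01T10:00:07 systemd: oai-amf.service restarted
2024-03-01T12:30:00 amf[902]: Unsupported procedure ignored
2024-03-01T14:45:10 kernel: amf[902]: segmentation fault at 18
""".splitlines()

if __name__ == "__main__":
    for inc in correlate(SAMPLE):
        tag = "linked to unsupported NGAP message" if inc["precursor"] else "no precursor in window"
        print(inc["crash_at"].isoformat(), tag)
```

Crashes reported without a precursor still warrant investigation; they only lack the log evidence that ties them to this CVE.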