CVE-2024-24450
📋 TL;DR
A stack-based buffer overflow vulnerability in OpenAirInterface's 5G AMF component allows remote attackers with N2 interface access to cause denial of service or potentially execute arbitrary code. The vulnerability occurs when processing PDU Session Resource Setup Response messages with oversized FailedToSetupList information elements. This affects 5G network operators using vulnerable OpenAirInterface deployments.
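The bug class described above, as an added illustration that is not OpenAirInterface code: a handler that copies a peer-supplied FailedToSetupList into a fixed-size stack array, first unchecked and then with the count validated before the copy. The struct and function names, the 16-item capacity and the session table are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names and sizes, chosen for illustration only. */
#define MAX_FAILED_ITEMS 16            /* assumed capacity of the stack array */
#define SESSION_FAILED   1

typedef struct { uint8_t pdu_session_id; uint8_t cause; } failed_item_t;

/* Decoded FailedToSetupList: count and items come from the peer gNB. */
typedef struct { size_t count; const failed_item_t *items; } failed_list_t;

static uint8_t session_state[256];     /* indexed by pdu_session_id (0..255) */

/* Unchecked pattern, shown for contrast and never called here: a
 * peer-controlled count drives a copy into a fixed-size stack array. */
int handle_failed_list_unchecked(const failed_list_t *in) {
    failed_item_t local[MAX_FAILED_ITEMS];
    memcpy(local, in->items, in->count * sizeof local[0]); /* overflows if count > 16 */
    for (size_t i = 0; i < in->count; i++)
        session_state[local[i].pdu_session_id] = SESSION_FAILED;
    return (int)in->count;
}

/* Hardened pattern: check the count against the destination capacity
 * before copying, and reject the message rather than truncate it. */
int handle_failed_list_checked(const failed_list_t *in) {
    failed_item_t local[MAX_FAILED_ITEMS];
    if (in == NULL || (in->count > 0 && in->items == NULL))
        return -1;                     /* malformed input */
    if (in->count > MAX_FAILED_ITEMS)
        return -2;                     /* oversized IE: drop and log */
    for (size_t i = 0; i < in->count; i++) {
        local[i] = in->items[i];       /* i < count <= MAX_FAILED_ITEMS */
        session_state[local[i].pdu_session_id] = SESSION_FAILED;
    }
    return (int)in->count;
}

/* Helper for callers and tests: current state of one session. */
int session_is_failed(uint8_t id) { return session_state[id] == SESSION_FAILED; }
```

Rejecting the whole message with a distinct return code gives the caller something to log, which lines up with the "abnormal NGAP message size" indicator listed under Detection & Monitoring.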
💻 Affected Systems
- OpenAirInterface CN5G AMF
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete compromise of the AMF, potential lateral movement within the 5G core network, and disruption of cellular services.
Likely Case
Denial of service causing AMF crashes and service disruption for affected subscribers, requiring manual restart of the AMF component.
If Mitigated
Limited impact with proper network segmentation and N2 interface restrictions, potentially causing only temporary service degradation.
🎯 Exploit Status
Exploitation requires access to the N2 interface and knowledge of 5G protocol specifics. Attackers need to craft malicious NGAP messages.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: > 2.0.0
Vendor Advisory: https://openairinterface.org/
Restart Required: Yes
Instructions:
1. Upgrade OpenAirInterface CN5G AMF to version > 2.0.0.
2. Restart the AMF service.
3. Verify the patch is applied by checking version and monitoring for crashes.
🔧 Temporary Workarounds
N2 Interface Restriction
Restrict N2 interface access to trusted gNBs only using firewall rules (Linux):
iptables -A INPUT -p sctp --dport 38412 -s trusted_gNB_ip -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the N2 interface from untrusted networks
- Deploy intrusion detection systems to monitor for anomalous NGAP message patterns
🔍 How to Verify
Check if Vulnerable:
Check OpenAirInterface AMF version: if <= 2.0.0 and N2 interface is exposed, system is vulnerable
Check Version:
grep 'AMF_VERSION' /path/to/amf/config/files or check build information
Verify Fix Applied:
Verify AMF version is > 2.0.0 and monitor for crashes after processing PDU Session Resource Setup Response messages
📡 Detection & Monitoring
Log Indicators:
- AMF process crashes
- Segmentation fault errors in logs
- Abnormal NGAP message size warnings
Network Indicators:
- Oversized NGAP messages on N2 interface
- Multiple PDU Session Resource Setup Response messages with large FailedToSetupList IEs
SIEM Query:
source="amf.log" AND ("segmentation fault" OR "buffer overflow" OR "stack overflow")