CVE-2024-24451
📋 TL;DR
A stack overflow vulnerability in OpenAirInterface's 5G AMF component allows attackers to cause denial of service by repeatedly establishing SCTP connections. This affects 5G core network deployments using vulnerable versions of oai-cn5g-amf, potentially disrupting mobile network services.
💻 Affected Systems
- OpenAirInterface CN5G AMF (oai-cn5g-amf)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete AMF service outage leading to 5G network unavailability for affected subscribers, preventing device registration and mobility management.
Likely Case
Service degradation or intermittent AMF crashes causing dropped connections and failed handovers in the 5G network.
If Mitigated
Limited impact with proper network segmentation and connection rate limiting, potentially causing only temporary service interruptions.
🎯 Exploit Status
Requires ability to establish SCTP connections to the AMF's N2 interface; no authentication bypass needed but requires network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after v2.0.0
Vendor Advisory: http://openairinterface.com
Restart Required: No
Instructions:
1. Check current version with 'amf --version'.
2. Update to latest version from OpenAirInterface repository.
3. Recompile and redeploy AMF component.
4. Verify fix with connection stress testing.
🔧 Temporary Workarounds
SCTP Connection Rate Limiting
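Linux: Implement network-level rate limiting on new SCTP connections to the AMF N2 interface
# Accept packets on established associations, rate-limit new associations, drop the rest
iptables -A INPUT -p sctp --dport 38412 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -m conntrack --ctstate NEW -m limit --limit 10/second -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -j DROP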
🧯 If You Can't Patch
- Implement strict network segmentation to limit access to AMF N2 interface only to authorized RAN nodes
- Deploy intrusion prevention systems with SCTP flood detection capabilities
🔍 How to Verify
Check if Vulnerable:
Check AMF version: if running oai-cn5g-amf version <= 2.0.0 and using SCTP N2 interface, system is vulnerable.
Check Version:
amf --version 2>/dev/null || grep -i version /path/to/amf/logs/config
Verify Fix Applied:
After update, verify version > 2.0.0 and perform SCTP connection stress testing to confirm no stack overflow occurs.
📡 Detection & Monitoring
Log Indicators:
- AMF crash logs with stack overflow errors
- Repeated SCTP connection attempts from single source
- AMF process restarts in system logs
Network Indicators:
- High volume of SCTP INIT packets to AMF port
- SCTP connection attempts exceeding normal RAN patterns
SIEM Query:
source="amf.logs" AND ("stack overflow" OR "segmentation fault" OR "SCTP flood")
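The network indicators above (SCTP INIT volume per source toward the AMF port) can be checked offline against a packet capture's text output. The following is an added example, not part of the original advisory or of OpenAirInterface: the line format (shaped like `tcpdump -tt -n` output), the window, the threshold and the sample lines are all assumptions to adjust for the real environment.

```python
import re
from collections import defaultdict, deque

AMF_N2_PORT = 38412        # SCTP port used in the iptables rules on this page
WINDOW_SECONDS = 10.0      # assumed sliding window
MAX_INITS_PER_WINDOW = 5   # assumed per-source threshold; tune to normal RAN behaviour

# Assumed line shape (tcpdump -tt -n style); adjust the regex to the capture tool in use.
INIT_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): sctp .*\[INIT\]"
)

def find_init_floods(lines, window=WINDOW_SECONDS, limit=MAX_INITS_PER_WINDOW):
    """Return {src_ip: peak INIT count in any window} for sources over the limit.

    Lines are expected in timestamp order, as a capture produces them.
    """
    recent = defaultdict(deque)   # src -> timestamps of INITs still inside the window
    peaks = {}
    for line in lines:
        m = INIT_RE.match(line)
        if not m or int(m["dport"]) != AMF_N2_PORT:
            continue              # not an INIT to the N2 port (DATA, INIT ACK, other ports)
        ts, src = float(m["ts"]), m["src"]
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # expire INITs older than the window
        if len(q) > limit:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

# Constructed sample: one gNB that reconnects once, and one source sending 8 INITs in 4 s.
SAMPLE = [
    "1700000000.000000 IP 10.0.0.5.40000 > 10.0.0.1.38412: sctp (1) [INIT] [init tag: 1]",
    "1700000030.000000 IP 10.0.0.5.40000 > 10.0.0.1.38412: sctp (1) [DATA] (B)(E) [TSN: 2]",
    "1700000060.000000 IP 10.0.0.5.40001 > 10.0.0.1.38412: sctp (1) [INIT] [init tag: 2]",
] + [
    f"{1700000100 + i * 0.5:.6f} IP 192.0.2.77.{41000 + i} > 10.0.0.1.38412: "
    f"sctp (1) [INIT] [init tag: {100 + i}]"
    for i in range(8)
]

if __name__ == "__main__":
    for src, peak in find_init_floods(SAMPLE).items():
        print(f"{src}: {peak} SCTP INITs within {WINDOW_SECONDS:.0f}s to port {AMF_N2_PORT}")
```

A source flagged here that is not an authorized RAN node is a candidate for the segmentation rules described under "If You Can't Patch".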