CVE-2024-24452
📋 TL;DR
This vulnerability in Athonet vEPC MME allows attackers to cause a denial of service to cellular networks by exploiting improper memory handling in E-RAB Release Indication messages. Attackers can repeatedly initiate connections with crafted payloads to crash the MME service. Organizations using Athonet vEPC MME v11.4.0 for cellular network infrastructure are affected.
💻 Affected Systems
- Athonet vEPC MME
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete cellular network outage in affected coverage area, disrupting voice, data, and emergency services for all subscribers.
Likely Case
Intermittent service disruptions and degraded network performance affecting subscriber connectivity and quality of service.
If Mitigated
Limited impact with service restoration after automatic or manual restart, but potential for repeated attacks.
🎯 Exploit Status
Exploitation requires understanding of 3GPP signaling protocols and ability to craft E-RAB Release Indication messages with invalid ProtocolIE_ID values.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v11.4.1 or later
Vendor Advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04780en_us&docLocale=en_US
Restart Required: Yes
Instructions:
1. Download updated software from HPE support portal.
2. Back up current configuration.
3. Stop MME service.
4. Install updated version.
5. Restart MME service.
6. Verify service functionality.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to MME signaling interfaces to trusted network elements only.
Rate Limiting
Implement rate limiting on E-RAB Release Indication messages to prevent repeated exploitation attempts.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can send signaling messages to the MME
- Deploy intrusion detection systems to monitor for abnormal E-RAB Release Indication patterns
🔍 How to Verify
Check if Vulnerable:
Check MME software version via vendor management interface or CLI. Vulnerable if version is exactly v11.4.0.
Check Version:
Consult Athonet documentation for version check command specific to your deployment.
Verify Fix Applied:
Verify MME version is v11.4.1 or later and monitor for service stability during normal signaling traffic.
📡 Detection & Monitoring
Log Indicators:
- MME service crashes or restarts
- Abnormal E-RAB Release Indication message counts
- Memory access violation errors in system logs
Network Indicators:
- Unusual patterns of E-RAB Release Indication messages from single sources
- Repeated connection attempts followed by service disruption
SIEM Query:
Search for: (event_source="MME" AND (event_type="crash" OR event_type="restart")) OR (protocol="E-RAB" AND message_type="Release_Indication" AND count>threshold)
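The correlation that the query above describes, written out as an added example (not part of the original page or any vendor tooling): it counts E-RAB Release Indication events per source in a sliding window, flags sources above a threshold, and records whether an MME crash or restart was logged shortly after the burst. The event field names, the sample events, the `detect` function and its threshold, window and lag values are all constructed assumptions; map them to your own log schema.

```python
from collections import defaultdict, deque

# Constructed sample events (not real MME logs). Field names are assumptions
# that mirror the pseudo-query: event_source, event_type, message_type, src.
SAMPLE_EVENTS = (
    [{"ts": 100 + i, "event_source": "S1AP", "message_type": "Release_Indication",
      "src": "enb-17"} for i in range(6)]
    + [{"ts": 103, "event_source": "S1AP", "message_type": "Release_Indication",
        "src": "enb-02"},
       {"ts": 108, "event_source": "MME", "event_type": "crash"},
       {"ts": 400, "event_source": "S1AP", "message_type": "Release_Indication",
        "src": "enb-02"},
       {"ts": 900, "event_source": "MME", "event_type": "restart"}]
)

def detect(events, threshold=5, window=60, crash_lag=30):
    """Return alerts for sources sending more than `threshold` Release
    Indications within `window` seconds; each alert records whether an MME
    crash/restart was logged within `crash_lag` seconds after the burst."""
    events = sorted(events, key=lambda e: e["ts"])
    crashes = [e["ts"] for e in events
               if e.get("event_source") == "MME"
               and e.get("event_type") in ("crash", "restart")]
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    alerts = {}
    for e in events:
        if e.get("message_type") != "Release_Indication":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and q[0] <= e["ts"] - window:   # expire old timestamps
            q.popleft()
        if len(q) > threshold:
            # Extend the burst while the source stays above the threshold.
            alert = alerts.setdefault(e["src"], {"src": e["src"], "first": q[0]})
            alert["last"] = e["ts"]
            alert["peak"] = max(alert.get("peak", 0), len(q))
    for a in alerts.values():
        a["mme_down_after"] = any(a["first"] <= c <= a["last"] + crash_lag
                                  for c in crashes)
    return sorted(alerts.values(), key=lambda a: a["first"])

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

An alert with `mme_down_after` set is the higher-priority case, since it matches the "repeated connection attempts followed by service disruption" indicator listed above.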