CVE-2024-24457
📋 TL;DR
CVE-2024-24457 is an out-of-bounds read vulnerability in Athonet vEPC MME software that allows attackers to cause denial of service to cellular networks by sending specially crafted E-RAB Setup List Context SURes messages. This affects cellular network operators using Athonet's virtual Evolved Packet Core technology. The vulnerability can be exploited by sending malicious payloads to the MME component.
💻 Affected Systems
- Athonet vEPC MME
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete disruption of cellular network services in affected areas, preventing voice calls, SMS, and data services for subscribers.
Likely Case
Intermittent service degradation or localized outages affecting network availability and reliability.
If Mitigated
Minimal impact with proper network segmentation and monitoring detecting anomalous connection attempts.
🎯 Exploit Status
Exploitation requires understanding of 3GPP protocols and network access, but no authentication is needed once network access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v11.4.1 or later (check vendor advisory)
Vendor Advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04780en_us&docLocale=en_US
Restart Required: Yes
Instructions:
1. Review vendor advisory for specific patch version. 2. Backup current configuration. 3. Apply vendor-provided patch/update. 4. Restart MME service. 5. Verify service restoration and monitor for issues.
🔧 Temporary Workarounds
Network Segmentation
linuxRestrict access to MME interfaces to only authorized network elements using firewall rules.
# Example iptables rule to restrict MME port access
iptables -A INPUT -p tcp --dport <MME_PORT> -s <TRUSTED_SUBNET> -j ACCEPT
iptables -A INPUT -p tcp --dport <MME_PORT> -j DROP
Rate Limiting
linuxImplement connection rate limiting to prevent repeated malicious connection attempts.
# Example using iptables for connection limiting
iptables -A INPUT -p tcp --dport <MME_PORT> -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport <MME_PORT> -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with the MME component.
- Deploy intrusion detection systems to monitor for anomalous connection patterns and crafted payload attempts.
🔍 How to Verify
Check if Vulnerable:
Check Athonet vEPC MME version using vendor-specific commands or management interface. Version v11.4.0 is vulnerable.Check Version:
# Check with vendor-specific tools or management interface
# Consult Athonet documentation for exact version check commandVerify Fix Applied:
Verify version is updated to v11.4.1 or later per vendor advisory, and monitor for service stability after patch application.📡 Detection & Monitoring
Log Indicators:
- Unusual spike in connection attempts to MME
- MME service crashes or restarts
- Error logs mentioning ProtocolIE_ID handling failures
Network Indicators:
- Abnormal volume of E-RAB Setup List Context SURes messages
- Repeated connection attempts from single sources
- Malformed protocol messages to MME ports
SIEM Query:
source="MME_logs" AND ("ProtocolIE_ID" OR "E-RAB Setup" OR "service restart") | stats count by src_ip