CVE-2024-25009
📋 TL;DR
Ericsson Packet Core Controller (PCC) has an input validation vulnerability in its Access and Mobility Management Function (AMF) that allows attackers to cause denial of service through malformed requests. This affects mobile network operators using Ericsson PCC for 5G core network functions. Successful exploitation can degrade or disrupt mobile service availability.
💻 Affected Systems
- Ericsson Packet Core Controller (PCC)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete AMF service disruption causing widespread mobile network outages, preventing subscribers from accessing voice, data, and emergency services.
Likely Case
Service degradation affecting specific network segments or subscriber groups, resulting in dropped calls, slow data speeds, and intermittent connectivity issues.
If Mitigated
Minimal impact with proper network segmentation, rate limiting, and monitoring in place to detect and block malicious traffic patterns.
🎯 Exploit Status
CWE-20 vulnerabilities typically require sending malformed packets to vulnerable interfaces; no public exploit details available
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in public bulletin; contact Ericsson support
Vendor Advisory: https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-packet-core-controller-pcc-august-2024
Restart Required: Yes
Instructions:
1. Contact Ericsson support for specific patch information
2. Schedule maintenance window for PCC upgrade
3. Apply vendor-provided patch/update
4. Restart affected PCC components
5. Verify AMF functionality post-update
🔧 Temporary Workarounds
Network Traffic Filtering
Implement network-level filtering to block malformed packets targeting AMF interfaces
Rate Limiting
Apply rate limiting on AMF interfaces to prevent flood attacks
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PCC components from untrusted networks
- Deploy intrusion prevention systems with CWE-20 detection rules to block exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check PCC version against Ericsson's affected version list; monitor AMF logs for malformed packet errors
Check Version:
Use Ericsson PCC management interface or CLI commands specific to your deployment
Verify Fix Applied:
Verify patch installation via vendor tools; test AMF with legitimate traffic to confirm stability
📡 Detection & Monitoring
Log Indicators:
- AMF error logs showing malformed packet rejection
- Unusual spike in AMF processing errors
- AMF service restart events
Network Indicators:
- Abnormal packet patterns to AMF ports
- Traffic spikes from single sources to AMF interfaces
SIEM Query:
source="pcc-amf-logs" AND (error="malformed" OR error="validation") | stats count by src_ip
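Added example (not from the original page or from Ericsson): an offline version of the SIEM query above that also covers the "spike from a single source" and "AMF service restart" indicators by counting malformed/validation errors per src_ip inside a sliding time window. The key=value log layout, the event=amf_restart marker, the 60-second window and the threshold of 5 are assumptions; only the error and src_ip field names come from the query.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The key=value layout, timestamps and the "event"
# field are assumptions; only error= and src_ip= come from the SIEM query above.
SAMPLE_LOG = """\
2024-08-20T10:00:01Z src_ip=192.0.2.10 error=malformed
2024-08-20T10:00:03Z src_ip=192.0.2.10 error=malformed
2024-08-20T10:00:04Z src_ip=198.51.100.7 error=validation
2024-08-20T10:00:06Z src_ip=192.0.2.10 error=validation
2024-08-20T10:00:09Z src_ip=192.0.2.10 error=malformed
2024-08-20T10:00:12Z src_ip=192.0.2.10 error=malformed
2024-08-20T10:00:20Z event=amf_restart
2024-08-20T10:05:30Z src_ip=198.51.100.7 error=malformed
truncated line with no timestamp
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
WATCHED = {"malformed", "validation"}  # error values matched by the SIEM query

def parse(line):
    ts, _, rest = line.partition(" ")
    rec = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")  # ValueError if absent
    return rec

def detect(lines, window=timedelta(seconds=60), threshold=5):
    """Return ({src_ip: peak errors inside one window}, [restart timestamps])."""
    recent = defaultdict(deque)  # src_ip -> timestamps of errors still in the window
    spikes, restarts = {}, []
    for line in lines:
        try:
            rec = parse(line)
        except ValueError:
            continue  # skip lines that do not start with a parsable timestamp
        if rec.get("event") == "amf_restart":
            restarts.append(rec["ts"])
        src = rec.get("src_ip")
        if src and rec.get("error") in WATCHED:
            q = recent[src]
            q.append(rec["ts"])
            while rec["ts"] - q[0] > window:  # evict errors older than the window
                q.popleft()
            if len(q) >= threshold:
                spikes[src] = max(spikes.get(src, 0), len(q))
    return spikes, restarts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG.splitlines()))
```

On the constructed sample, 192.0.2.10 is flagged with five errors inside one window, while 198.51.100.7 is not, because its two errors are more than five minutes apart.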