CVE-2024-33382
📋 TL;DR
Open5GS v2.7.0 can be forced into a denial of service by sending it 64 unsuccessful UE/gNB registration attempts. Registration traffic reaches the core over NGAP (SCTP port 38412), so the exposed component is the AMF, and every deployment running the vulnerable version of Open5GS, which implements the 5G core network functions, is affected.
💻 Affected Systems
- Open5GS
📦 What is this software?
Open5GS, maintained by the Open5GS project, is an open-source implementation of the 4G EPC and 5G Core network functions (AMF, SMF, UPF, MME and others), each shipped as a separate daemon.
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of the Open5GS instance, preventing legitimate UE/gNB registrations and potentially affecting 5G network availability.
Likely Case
Temporary unavailability of the affected Open5GS daemon until it is restarted, with repeated outages for as long as the attacker keeps sending registration attempts.
If Mitigated
Minimal impact: with the NGAP listener reachable only from trusted gNB networks, rate limiting on new associations and alerting on runs of failed registrations, malicious attempts are blocked or noticed before the 64-attempt threshold is reached.
🎯 Exploit Status
Triggering the vulnerability takes only 64 unsuccessful registration attempts, which is trivial to automate, and no valid subscriber credentials are needed because the attempts are unsuccessful by design. What the attacker does need is a path to the NGAP listener: either direct reachability of the N2 interface (a rogue or compromised gNB, or a host on the same network) or, for UE registrations, a radio path through a legitimate gNB that relays the NAS Registration Requests to the AMF.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.7.1 or later
Vendor Advisory: https://github.com/open5gs/open5gs/issues/2733
Restart Required: Yes
Instructions:
1. Back up the current configuration (the YAML files under the Open5GS config directory).
2. Update Open5GS to v2.7.1 or later using the package manager or by rebuilding from source.
3. Restart every Open5GS unit; in packaged installs each network function is its own systemd service (open5gs-amfd, open5gs-smfd, open5gs-upfd and so on).
4. Verify the fix by checking the version of the running daemons (open5gs-amfd -v) and monitoring the logs for registration processing errors.
🔧 Temporary Workarounds
Rate Limiting Implementation
Implement rate limiting on new NGAP associations using the network firewall or application-level controls. NGAP runs over SCTP, not TCP, so the rules must match -p sctp (rules written for -p tcp on port 38412 never match); the pair below drops a source that opens more than 20 new associations to port 38412 within 60 seconds, and needs SCTP connection tracking (nf_conntrack_proto_sctp) to be available:
iptables -A INPUT -p sctp --dport 38412 -m state --state NEW -m recent --set --name open5gs
iptables -A INPUT -p sctp --dport 38412 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 --name open5gs -j DROP
Caveat: this only limits how many associations a source may open. Registration attempts carried inside one already-established gNB association are not counted, so an application-level limit or log-based alerting is still required.
Network Segmentation
Restrict access to the NGAP listener to trusted gNB networks only; replace trusted_network with the gNB subnet in CIDR form and, as above, match SCTP rather than TCP:
iptables -A INPUT -p sctp --dport 38412 -s trusted_network -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit which IPs can attempt UE/gNB registrations.
- Deploy monitoring and alerting for repeated failed registration attempts to enable rapid response.
🔍 How to Verify
Check if Vulnerable:
Open5GS has no single open5gs binary; each network function is its own daemon and prints its version with -v, for example open5gs-amfd -v, or check the installed package. If the version is exactly 2.7.0, the system is vulnerable.
Check Version:
open5gs-amfd -v || dpkg -l | grep open5gs || rpm -qa | grep open5gs
Verify Fix Applied:
After patching, verify that the running daemons report 2.7.1 or later (open5gs-amfd -v, and likewise for the other network functions) and, in a lab rather than production, send more than 64 failing registration attempts to confirm the AMF stays up.
📡 Detection & Monitoring
Log Indicators:
- Runs of consecutive failed UE/gNB registration attempts; alert well below 64 (for example at 32) so responders act before the crash threshold is reached
- AMF process exits or systemd restart events following a burst of registration attempts
- Error logs indicating registration processing failures
Network Indicators:
- High volume of registration requests from single source
- Pattern of 64 registration attempts followed by silence
SIEM Query (illustrative Splunk-style search; the match strings and the src_ip field assume the log pipeline extracts a per-source key from the AMF log, and both must be confirmed against the actual Open5GS log lines of your version; the threshold is set below the crash point on purpose):
source="open5gs.log" ("registration failed" OR "authentication failed") | stats count by src_ip | where count >= 32
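The sliding-window logic behind both the rate-limit workaround and the SIEM search above, as an added example that is not Open5GS code and not part of the advisory. It assumes a log shipper has normalised AMF events into the shape <ISO-8601 timestamp> <source> <outcome>, which is not Open5GS's native log format, keys on whatever per-source field the pipeline provides (the gNB's SCTP peer address here), and raises one alert per source when failures inside a 60-second window reach a threshold chosen below the 64-attempt crash point; a successful registration ends the run. All sample lines are constructed.

```python
"""Sliding-window detector for runs of failed registrations.

Added example, not Open5GS code. The input shape
    <ISO-8601 timestamp> <source> <outcome>
is an assumed normalisation done by a log shipper; Open5GS's native AMF log
lines look different and must be mapped into this form. <source> is whatever
per-source key the pipeline attaches (the gNB's SCTP peer address below).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL = "registration_failed"   # assumed normalised outcome tokens
OK = "registration_ok"

CRASH_THRESHOLD = 64           # attempts that take down Open5GS v2.7.0


class FailedRegistrationDetector:
    def __init__(self, threshold=32, window=timedelta(seconds=60)):
        # Alert well below the crash threshold so responders have a margin.
        if threshold >= CRASH_THRESHOLD:
            raise ValueError("alert threshold must be below the crash threshold")
        self.threshold = threshold
        self.window = window
        self._fails = defaultdict(deque)   # source -> timestamps of failures
        self._alerted = set()              # sources already reported

    def observe(self, ts, source, outcome):
        """Feed one event; return an alert string or None."""
        q = self._fails[source]
        if outcome == OK:
            # A successful registration ends the run of consecutive failures.
            q.clear()
            self._alerted.discard(source)
            return None
        if outcome != FAIL:
            return None
        q.append(ts)
        cutoff = ts - self.window
        while q and q[0] < cutoff:        # drop failures older than the window
            q.popleft()                   # (entries exactly window-old are kept)
        if len(q) >= self.threshold and source not in self._alerted:
            self._alerted.add(source)
            return (f"{source}: {len(q)} failed registrations in "
                    f"{self.window.total_seconds():.0f}s")
        return None


def parse_line(line):
    ts, source, outcome = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), source, outcome.strip()


def scan(lines, threshold=32, window_s=60):
    """Run the detector over an iterable of normalised lines; return alerts."""
    det = FailedRegistrationDetector(threshold, timedelta(seconds=window_s))
    alerts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        alert = det.observe(*parse_line(line))
        if alert:
            alerts.append(alert)
    return alerts


def sample_log():
    """Constructed sample events: one burst, one slow trickle, one interrupted run."""
    base = datetime(2024, 5, 1, 12, 0, 0)
    stamp = lambda delta: (base + delta).isoformat()
    # 10.0.0.5: 40 failures one second apart -> crosses the threshold
    lines = [f"{stamp(timedelta(seconds=i))} 10.0.0.5 {FAIL}" for i in range(40)]
    # 10.0.0.9: 40 failures one minute apart -> never enough inside the window
    lines += [f"{stamp(timedelta(minutes=i))} 10.0.0.9 {FAIL}" for i in range(40)]
    # 10.0.0.7: 20 failures, a success, 20 more -> run is reset, no alert
    lines += [f"{stamp(timedelta(seconds=i))} 10.0.0.7 {FAIL}" for i in range(20)]
    lines.append(f"{stamp(timedelta(seconds=20))} 10.0.0.7 {OK}")
    lines += [f"{stamp(timedelta(seconds=i))} 10.0.0.7 {FAIL}" for i in range(21, 41)]
    return lines


if __name__ == "__main__":
    for alert in scan(sample_log()):
        print(alert)
```

Keying on the gNB peer address catches a rogue gNB; keying on the SUCI or GUTI instead would catch a single UE hammering a legitimate gNB, so in practice the pipeline should emit both keys and run the detector twice. The window keeps failures that are exactly as old as the window, which is why a trickle of one failure per minute never accumulates at a 60-second window.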