CVE-2024-34045
📋 TL;DR
This vulnerability is a denial-of-service flaw in O-RAN E2T's SCTP thread implementation where a malformed E2setup message can cause a crash when incrementing Prometheus metrics. It affects O-RAN deployments using vulnerable E2T components, potentially disrupting radio access network operations.
💻 Affected Systems
- O-RAN E2T (E2 Termination)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of the E2T component, causing loss of connectivity between O-RAN components and potentially affecting cellular network availability in the affected area.
Likely Case
Service interruption of the E2T component requiring restart, causing temporary disruption to O-RAN operations until service is restored.
If Mitigated
Isolated component failure with minimal impact due to redundancy and proper monitoring/automated recovery mechanisms.
🎯 Exploit Status
Exploitation requires network access to E2T SCTP interface. No authentication needed for the vulnerable function call.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check O-RAN SC RIC-1047 for specific fixed versions
Vendor Advisory: https://jira.o-ran-sc.org/browse/RIC-1047
Restart Required: Yes
Instructions:
1. Check O-RAN SC RIC-1047 for patch details.
2. Apply the provided fix to sctpThread.cpp.
3. Rebuild and redeploy E2T component.
4. Restart E2T service.
🔧 Temporary Workarounds
Network segmentation
Linux: Restrict access to E2T SCTP interface to only trusted O-RAN components
iptables -A INPUT -p sctp --dport [E2T_PORT] -s [TRUSTED_SUBNET] -j ACCEPT
iptables -A INPUT -p sctp --dport [E2T_PORT] -j DROP
Monitoring and automated recovery
Linux: Implement monitoring for E2T crashes with automated restart procedures
systemctl enable e2t-monitor.service
Create a watchdog script to restart E2T if a crash is detected
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with E2T SCTP interface
- Deploy redundant E2T instances with load balancing to maintain service if one instance crashes
🔍 How to Verify
Check if Vulnerable:
Check E2T version against patched versions in RIC-1047. Monitor for crashes in sctpThread.cpp when processing E2setup messages.
Check Version:
Check E2T component version through administrative interface or configuration files specific to O-RAN deployment
Verify Fix Applied:
Test with malformed E2setup messages to confirm E2T no longer crashes. Verify Prometheus metrics increment properly without issues.
📡 Detection & Monitoring
Log Indicators:
- E2T process crashes
- SCTP thread termination errors
- Prometheus metric collection failures
- Segmentation faults in sctpThread.cpp
Network Indicators:
- Unusual SCTP traffic patterns to E2T port
- Multiple E2setup messages from single source
SIEM Query:
source="e2t.logs" AND ("segmentation fault" OR "sctpThread" OR "E2setup" AND "crash")
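Triage sketch for the indicators above (an added example, not part of the original advisory or of O-RAN SC code): it finds crash lines and lists which sources sent E2setup messages in the seconds before each crash, and separately flags sources that sent many E2setup messages. The log line format, the src= field, the sample lines and both thresholds are assumptions; adapt them to the real E2T log layout.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines; the real E2T log format may differ (assumption).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z e2t INFO sctpThread E2setup received src=10.0.0.5
2024-05-01T10:00:20Z e2t INFO sctpThread E2setup received src=10.0.0.9
2024-05-01T10:00:21Z e2t INFO sctpThread E2setup received src=10.0.0.9
2024-05-01T10:00:22Z e2t INFO sctpThread E2setup received src=10.0.0.9
2024-05-01T10:00:23Z e2t ERROR segmentation fault in sctpThread.cpp
2024-05-01T10:00:40Z e2t INFO keepalive ok
"""

LINE_RE = re.compile(r"^(\S+)\s+(.*)$")          # "<timestamp> <message>"
SRC_RE = re.compile(r"src=(\S+)")                # hypothetical source field
CRASH_RE = re.compile(r"segmentation fault|crash", re.I)


def analyze(log_text, window_s=5, burst=3):
    """Correlate crash lines with E2setup senders seen shortly before them."""
    setups = []   # (timestamp, source) for every E2setup line
    crashes = []  # (timestamp string, sources seen inside the window)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # skip lines without a parseable timestamp
        msg = m.group(2)
        src = SRC_RE.search(msg)
        if "E2setup" in msg and src:
            setups.append((ts, src.group(1)))
        if CRASH_RE.search(msg):
            lo = ts - timedelta(seconds=window_s)
            near = sorted({s for t, s in setups if lo <= t <= ts})
            crashes.append((m.group(1), near))
    counts = Counter(s for _, s in setups)
    bursty = sorted(s for s, n in counts.items() if n >= burst)
    return {"crashes": crashes, "bursty_sources": bursty}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Sources that appear in the window before a crash are candidates for tighter filtering on the E2T SCTP interface until the fix is deployed.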