CVE-2024-34235

8.6 HIGH

📋 TL;DR

CVE-2024-34235 is a remotely triggerable assertion vulnerability in Open5GS MME that allows denial of service attacks. Attackers can send malformed S1AP packets to crash the MME service repeatedly. This affects all Open5GS deployments using vulnerable MME versions.

💻 Affected Systems

Products:
  • Open5GS MME
Versions: <= 2.6.4
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects MME component; other Open5GS components are not vulnerable. Requires S1AP interface exposure to attacker.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained MME crashes causing complete cellular network service disruption for affected subscribers, potentially affecting emergency services and critical communications.

🟠 Likely Case

Intermittent MME service crashes leading to dropped connections, failed registrations, and degraded network availability for users.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, though service interruptions may still occur during attacks.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires knowledge of the S1AP protocol and the ability to send packets to the MME's S1AP interface. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.5 or later

Vendor Advisory: https://github.com/open5gs/open5gs/security/advisories

Restart Required: Yes

Instructions:

1. Update Open5GS to version 2.6.5 or later.
2. Restart MME service.
3. Verify service is running correctly.

🔧 Temporary Workarounds

Network Segmentation

Linux

Restrict S1AP interface access to trusted eNodeBs only using firewall rules.

iptables -A INPUT -p sctp --dport 36412 -s trusted_enodeb_ip -j ACCEPT
iptables -A INPUT -p sctp --dport 36412 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit S1AP interface exposure to only authorized eNodeBs.
  • Deploy intrusion detection systems to monitor for malformed S1AP packets and alert on MME crashes.

🔍 How to Verify

Check if Vulnerable:

Check Open5GS MME version: open5gs-mmed --version

Check Version:

open5gs-mmed --version | grep -o 'version [0-9.]*'

Verify Fix Applied:

Verify version is 2.6.5 or later and MME service remains stable under normal S1AP traffic.

📡 Detection & Monitoring

Log Indicators:

  • MME process crashes in system logs
  • Assertion failures in Open5GS logs
  • Repeated MME service restarts

Network Indicators:

  • Unusual S1AP packets from untrusted sources
  • Initial UE Messages missing NAS_PDU field

SIEM Query:

source="open5gs.log" AND ("assertion" OR "crash" OR "abort") AND process="mmed"
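
The log indicators and SIEM query above, expressed as a burst detector. This is an added example, not code from the advisory or from Open5GS. The log line layout (`timestamp process: message`), the threshold and the window are assumptions, and the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Same keywords as the SIEM query above, matched case-insensitively.
KEYWORDS = re.compile(r"assertion|crash|abort", re.I)
# Assumed layout: "<ISO timestamp> <process>: <message>".
LINE_RE = re.compile(r"(?P<ts>\S+) (?P<proc>\w+): (?P<msg>.*)")

# Constructed sample lines, not captured Open5GS output.
SAMPLE = """\
2024-05-02T10:00:01 mmed: INFO: S1 setup complete
2024-05-02T10:00:07 mmed: FATAL: Assertion failed in Initial UE Message handling
2024-05-02T10:00:09 smfd: ERROR: assertion in unrelated component
2024-05-02T10:01:30 mmed: FATAL: Assertion failed in Initial UE Message handling
2024-05-02T10:02:55 mmed: FATAL: Assertion failed in Initial UE Message handling
2024-05-02T11:30:00 mmed: FATAL: Assertion failed in Initial UE Message handling
""".splitlines()


def find_crash_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return (timestamp, count) each time the number of matching mmed
    events inside the sliding window reaches the threshold."""
    recent = deque()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        # Only the MME process counts; other components are out of scope.
        if not m or m["proc"] != "mmed" or not KEYWORDS.search(m["msg"]):
            continue
        ts = datetime.fromisoformat(m["ts"])
        recent.append(ts)
        # Drop events that have aged out of the window.
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((ts, len(recent)))
    return alerts


if __name__ == "__main__":
    for ts, count in find_crash_bursts(SAMPLE):
        print(f"ALERT {ts.isoformat()}: {count} MME crash events within window")
```

A single assertion failure is worth a ticket; a burst like the one at 10:02:55 in the sample matches the repeated-crash pattern this CVE describes and should page whoever owns the S1AP firewall rules.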
