CVE-2024-51179 – A denial-of-service vulnerability in Open 5GS a... (How to Fix)

Q: What is the severity of CVE-2024-51179?

CVE-2024-51179 has a CVSS score of 7.5 (HIGH). A denial-of-service vulnerability in Open 5GS allows remote attackers to disrupt PDU session establishment by targeting NFV components like UPF and SMF. This affects Open 5GS deployments handling 5G network functions, potentially impacting service availability for connected devices.

📋 TL;DR

A denial-of-service vulnerability in Open 5GS allows remote attackers to disrupt PDU session establishment by targeting NFV components like UPF and SMF. This affects Open 5GS deployments handling 5G network functions, potentially impacting service availability for connected devices.

💻 Affected Systems

Products:

Open 5GS

Versions: v2.7.1

Operating Systems: Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects deployments using the vulnerable NFV components (UPF/SMF) for PDU session handling.

📦 What is this software?

Open5gs by Open5gs

View all CVEs affecting Open5gs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of 5G network services, preventing new device connections and potentially affecting existing sessions in affected network segments.

🟠

Likely Case

Service degradation or temporary unavailability of 5G data services for users attempting to establish new connections.

🟢

If Mitigated

Limited impact with proper network segmentation and rate limiting, potentially causing only minor service interruptions.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof-of-concept available on GitHub, exploitation appears straightforward for attackers with network access to vulnerable components.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor Open 5GS repository for updates and apply when released.

🔧 Temporary Workarounds

Network Segmentation

linux

Isolate NFV components (UPF/SMF) from untrusted networks and implement strict access controls.

iptables -A INPUT -p tcp --dport <NFV_PORT> -s <TRUSTED_NETWORK> -j ACCEPT
iptables -A INPUT -p tcp --dport <NFV_PORT> -j DROP

Rate Limiting

linux

Implement rate limiting on PDU session establishment requests to prevent DoS amplification.

iptables -A INPUT -p tcp --dport <NFV_PORT> -m limit --limit 10/second --limit-burst 20 -j ACCEPT

🧯 If You Can't Patch

Implement network monitoring and alerting for abnormal PDU session establishment patterns
Deploy redundant NFV instances with load balancing to maintain service during attacks

🔍 How to Verify

Check if Vulnerable:

Check Open 5GS version: open5gs --version or examine package version. If version is 2.7.1 and NFV components are deployed, system is vulnerable.

Check Version:

open5gs --version

Verify Fix Applied:

When patch becomes available, verify version is updated beyond 2.7.1 and test PDU session establishment under load.

📡 Detection & Monitoring

Log Indicators:

Abnormal PDU session establishment failure rates
NFV component crash/restart logs
High volume of session requests from single sources

Network Indicators:

Unusual traffic patterns to UPF/SMF ports
Spike in PDU session establishment packets
Protocol anomalies in 5G signaling

SIEM Query:

source="open5gs.log" AND ("PDU session failure" OR "NFV crash" OR "session establishment error")

📊 Metadata

CVE ID: CVE-2024-51179

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-404

Published: November 12, 2024

Last Updated: September 29, 2025

🔗 References

https://github.com/Lakshmirnr/CVE-2024-51179 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-51179, you might also want to check these: