CVE-2023-37019

HighPublic PoC

Published: 22 January 2025

Published

22 January 2025

Modified

22 April 2025

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score 0.0031 53.7th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-37019 is a high-severity Reachable Assertion (CWE-617) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 8.6 (High).

Operationally, ranked in the top 46.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Validates S1AP messages to ensure required fields like Supported TAs are present, directly preventing the malformed packet from triggering the assertion failure.

SC-5 Denial-of-service Protection good match

prevent

Limits the effects of repeated S1Setup Request messages that crash the MME, mitigating the denial-of-service impact.

SI-2 Flaw Remediation good match

prevent

Remediates the specific reachable assertion flaw in Open5GS MME versions <=2.6.4 by applying patches or updates.

NVD Description

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the…

MME, resulting in denial of service.

Deeper analysisAI

CVE-2023-37019 is a vulnerability in Open5GS MME versions up to and including 2.6.4, where an assertion failure can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Specifically, an attacker can send an S1Setup Request message missing the required Supported TAs field, causing the MME to crash and resulting in a denial of service. The issue, published on 2025-01-22, is classified under CWE-617 (Reachable Assertion) with a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

An unauthenticated remote attacker can exploit this vulnerability with low attack complexity over the network. By sending the malformed S1Setup Request repeatedly, the attacker achieves a denial of service by crashing the MME component, disrupting its availability. The changed scope (S:C) reflects the potential for impact beyond the vulnerable component in a 5G core network environment.

Mitigation details are available in the advisory referenced at https://cellularsecurity.org/ransacked.

Details

CWE(s): CWE-617

Affected Products

open5gs

≤ 2.6.4

CVEs Like This One

CVE-2025-15530Same product: Open5Gs Open5Gs

CVE-2023-37018Same product: Open5Gs Open5Gs

CVE-2024-24428Same product: Open5Gs Open5Gs

CVE-2024-34235Same product: Open5Gs Open5Gs

CVE-2023-37021Same product: Open5Gs Open5Gs

CVE-2026-2523Same product: Open5Gs Open5Gs

CVE-2024-24430Same product: Open5Gs Open5Gs

CVE-2023-37017Same product: Open5Gs Open5Gs

CVE-2024-24427Same product: Open5Gs Open5Gs

CVE-2023-37016Same product: Open5Gs Open5Gs

References

https://cellularsecurity.org/ransacked
Exploit, Technical Description, Third Party Advisory · cve@mitre.org