CVE-2023-37019
Published: 22 January 2025
Summary
CVE-2023-37019 is a high-severity Reachable Assertion (CWE-617) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2023-37019 is a vulnerability in Open5GS MME versions up to and including 2.6.4, where an assertion failure can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Specifically, an attacker can send an S1Setup Request message missing the required Supported TAs field, causing the MME to crash and resulting in a denial of service. The issue, published on 2025-01-22, is classified under CWE-617 (Reachable Assertion) with a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
An unauthenticated remote attacker can exploit this vulnerability with low attack complexity over the network. By sending the malformed S1Setup Request repeatedly, the attacker achieves a denial of service by crashing the MME component, disrupting its availability. The changed scope (S:C) reflects the potential for impact beyond the vulnerable component in a 5G core network environment.
Mitigation details are available in the advisory referenced at https://cellularsecurity.org/ransacked.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-40939
Vulnerability details
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the…
more
MME, resulting in denial of service.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Malformed S1AP packet triggers remote assertion failure and MME crash (DoS); directly matches public-facing application exploitation and application/system exploitation for endpoint DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Validates S1AP messages to ensure required fields like Supported TAs are present, directly preventing the malformed packet from triggering the assertion failure.
Limits the effects of repeated S1Setup Request messages that crash the MME, mitigating the denial-of-service impact.
Remediates the specific reachable assertion flaw in Open5GS MME versions <=2.6.4 by applying patches or updates.