Cyber Resilience

CVE-2023-37019

HighPublic PoC

Published: 22 January 2025

Published
22 January 2025
Modified
22 April 2025
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0031 54.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-37019 is a high-severity Reachable Assertion (CWE-617) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2023-37019 is a vulnerability in Open5GS MME versions up to and including 2.6.4, where an assertion failure can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Specifically, an attacker can send an S1Setup Request message missing the required Supported TAs field, causing the MME to crash and resulting in a denial of service. The issue, published on 2025-01-22, is classified under CWE-617 (Reachable Assertion) with a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

An unauthenticated remote attacker can exploit this vulnerability with low attack complexity over the network. By sending the malformed S1Setup Request repeatedly, the attacker achieves a denial of service by crashing the MME component, disrupting its availability. The changed scope (S:C) reflects the potential for impact beyond the vulnerable component in a 5G core network environment.

Mitigation details are available in the advisory referenced at https://cellularsecurity.org/ransacked.

EU & UK References

Vulnerability details

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the…

more

MME, resulting in denial of service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Malformed S1AP packet triggers remote assertion failure and MME crash (DoS); directly matches public-facing application exploitation and application/system exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-37023Same product: Open5Gs Open5Gs
CVE-2024-24427Same product: Open5Gs Open5Gs
CVE-2024-24428Same product: Open5Gs Open5Gs
CVE-2025-15530Same product: Open5Gs Open5Gs
CVE-2023-37013Same product: Open5Gs Open5Gs
CVE-2023-37020Same product: Open5Gs Open5Gs
CVE-2024-24429Same product: Open5Gs Open5Gs
CVE-2026-2523Same product: Open5Gs Open5Gs
CVE-2024-24430Same product: Open5Gs Open5Gs
CVE-2024-34235Same product: Open5Gs Open5Gs

Affected Assets

open5gs
open5gs
≤ 2.6.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates S1AP messages to ensure required fields like Supported TAs are present, directly preventing the malformed packet from triggering the assertion failure.

prevent

Limits the effects of repeated S1Setup Request messages that crash the MME, mitigating the denial-of-service impact.

prevent

Remediates the specific reachable assertion flaw in Open5GS MME versions <=2.6.4 by applying patches or updates.

References