Cyber Resilience

CVE-2023-37029

High · Public PoC

Published: 21 January 2025

Modified: 27 January 2025
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0014 (34.2nd percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-37029 is a high-severity Reachable Assertion (CWE-617) vulnerability in Linux Foundation Magma. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 34.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2023-37029 is an assertion-based denial-of-service vulnerability affecting Magma versions up to and including 1.8.0, specifically impacting the Mobility Management Entity (MME) component. The flaw triggers a crash when the MME processes an oversized Non-Access Stratum (NAS) packet. It is rated 7.5 under CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and mapped to CWE-617 (Reachable Assertion). The issue was fixed in Magma version 1.9 via commit 08472ba98b8321f802e95f5622fa90fec2dea486.

An attacker can exploit this vulnerability over the network with low complexity and no privileges required. Exploitation is possible either through a compromised base station or by using an unauthenticated cellphone within range of a base station managed by the vulnerable MME. By sending oversized NAS packets repeatedly, the attacker can cause ongoing crashes of the MME, resulting in a denial of service that disrupts network connectivity for users relying on the affected infrastructure.

Mitigation requires upgrading to Magma v1.9 or later, which incorporates the fixing commit named above. Additional details on the vulnerability, including technical analysis, are available in the advisory at https://cellularsecurity.org/ransacked.

EU & UK References

Vulnerability details

Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 · Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Directly enables application exploitation to crash the MME service, matching Endpoint DoS via vulnerability trigger.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-37024 · Same product: Linuxfoundation Magma
CVE-2024-24420 · Same product: Linuxfoundation Magma
CVE-2024-24422 · Same product: Linuxfoundation Magma
CVE-2024-24419 · Same product: Linuxfoundation Magma
CVE-2024-24418 · Same product: Linuxfoundation Magma
CVE-2024-24416 · Same product: Linuxfoundation Magma
CVE-2024-24417 · Same product: Linuxfoundation Magma
CVE-2024-24423 · Same product: Linuxfoundation Magma
CVE-2023-37032 · Same product: Linuxfoundation Magma
CVE-2024-24421 · Same product: Linuxfoundation Magma

Affected Assets

Vendor: linuxfoundation · Product: magma · Versions: ≤ 1.8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Validates incoming NAS packets to reject oversized inputs before they reach the assertion check in the MME, directly preventing the crash.

prevent · detect

Implements network-level protections such as rate limiting and traffic filtering to mitigate repeated oversized NAS packet floods causing MME DoS.

prevent

Ensures timely application of the Magma v1.9 patch that fixes the assertion failure on oversized NAS packets.

References