CVE-2024-24427

High

Published: 21 January 2025

Published

21 January 2025

Modified

24 January 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0019 41.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-24427 is a high-severity Reachable Assertion (CWE-617) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 41.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Remediating the reachable assertion flaw in the amf_ue_set_suci function of Open5GS directly prevents attackers from triggering DoS crashes via crafted NAS packets.

SI-10 Information Input Validation good match

prevent

Validating incoming NAS packets rejects malformed inputs before they reach the vulnerable amf_ue_set_suci function, preventing the assertion failure.

SI-11 Error Handling good match

prevent

Robust error handling in the AMF component ensures assertion failures do not crash the process, maintaining availability against crafted NAS packets.

NVD Description

A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Deeper analysisAI

CVE-2024-24427 is a reachable assertion vulnerability in the `amf_ue_set_suci` function within Open5GS versions up to and including 2.6.4. This flaw affects the Access and Mobility Management Function (AMF) component of the open-source 5G core network stack, enabling attackers to trigger a denial-of-service (DoS) condition through a specially crafted Non-Access Stratum (NAS) packet. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-617 (Reachable Assertion).

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a malicious NAS packet to an affected Open5GS deployment, an attacker can cause the assertion to fail, leading to a crash of the AMF process and disrupting 5G core network services, resulting in a high-impact availability denial.

Mitigation details and further advisories are available at https://cellularsecurity.org/ransacked, published in relation to this vulnerability.

Details

CWE(s): CWE-617

Affected Products

open5gs

≤ 2.6.4

CVEs Like This One

CVE-2025-15530Same product: Open5Gs Open5Gs

CVE-2024-34235Same product: Open5Gs Open5Gs

CVE-2024-24428Same product: Open5Gs Open5Gs

CVE-2026-2523Same product: Open5Gs Open5Gs

CVE-2024-24430Same product: Open5Gs Open5Gs

CVE-2024-24429Same product: Open5Gs Open5Gs

CVE-2023-37018Same product: Open5Gs Open5Gs

CVE-2023-37019Same product: Open5Gs Open5Gs

CVE-2023-37021Same product: Open5Gs Open5Gs

CVE-2023-37017Same product: Open5Gs Open5Gs

References

https://cellularsecurity.org/ransacked
Third Party Advisory · cve@mitre.org