CVE-2024-24428

HighPublic PoC

Published: 21 January 2025

Published

21 January 2025

Modified

24 January 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0019 41.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-24428 is a high-severity Reachable Assertion (CWE-617) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 41.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Flaw remediation directly addresses the reachable assertion in Open5GS by applying patches to versions beyond 2.6.4, eliminating the vulnerability.

SC-5 Denial-of-service Protection good match

preventdetect

Denial-of-service protection implements mechanisms to block or mitigate crafted NGAP packets that trigger service crashes in Open5GS.

SI-11 Error Handling good match

prevent

Effective error handling in the oai_nas_5gmm_decode function prevents assertions from causing DoS on malformed NGAP inputs.

NVD Description

A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.

Deeper analysisAI

CVE-2024-24428 is a reachable assertion vulnerability in the oai_nas_5gmm_decode function of Open5GS versions up to and including 2.6.4. This flaw enables attackers to trigger a Denial of Service (DoS) condition through a crafted NGAP packet. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-617.

An unauthenticated attacker with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. By sending a specially crafted NGAP packet to an affected Open5GS deployment, the attacker triggers the assertion in the NAS 5GMM decoding process, resulting in a crash or service disruption that impacts availability without affecting confidentiality or integrity.

Mitigation details are available in the advisory published at https://cellularsecurity.org/ransacked, which was referenced alongside the CVE publication on 2025-01-21.

Details

CWE(s): CWE-617

Affected Products

open5gs

≤ 2.6.4

CVEs Like This One

CVE-2025-15530Same product: Open5Gs Open5Gs

CVE-2024-34235Same product: Open5Gs Open5Gs

CVE-2026-2523Same product: Open5Gs Open5Gs

CVE-2024-24430Same product: Open5Gs Open5Gs

CVE-2024-24427Same product: Open5Gs Open5Gs

CVE-2024-24429Same product: Open5Gs Open5Gs

CVE-2023-37018Same product: Open5Gs Open5Gs

CVE-2023-37019Same product: Open5Gs Open5Gs

CVE-2023-37021Same product: Open5Gs Open5Gs

CVE-2023-37017Same product: Open5Gs Open5Gs

References

https://cellularsecurity.org/ransacked
Exploit, Third Party Advisory · cve@mitre.org