CVE-2024-24430

HighPublic PoC

Published: 22 January 2025

Published

22 January 2025

Modified

22 April 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0031 53.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-24430 is a high-severity Reachable Assertion (CWE-617) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 46.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Flaw remediation directly addresses the reachable assertion vulnerability by applying patches to Open5GS versions up to 2.6.4.

SI-11 Error Handling good match

prevent

Proper error handling prevents assertion failures in mme_ue_find_by_imsi from causing DoS crashes on crafted NAS packets.

SI-10 Information Input Validation good match

prevent

Input validation of NAS packets and IMSI values blocks malformed inputs from reaching and triggering the vulnerable lookup function.

NVD Description

A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Deeper analysisAI

CVE-2024-24430 is a reachable assertion vulnerability in the mme_ue_find_by_imsi function of Open5GS versions up to and including 2.6.4. This flaw affects the open-source 5G core network implementation, enabling attackers to trigger a Denial of Service (DoS) condition through a specially crafted NAS (Non-Access Stratum) packet. The issue is classified under CWE-617 and was published on 2025-01-22 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact disruption without compromising confidentiality or integrity.

Remote attackers with network access to the vulnerable Open5GS deployment can exploit this vulnerability by sending a malicious NAS packet, which triggers the assertion failure in the MME (Mobility Management Entity) user equipment lookup function by IMSI. No authentication or privileges are required, and the attack requires low complexity with no user interaction. Successful exploitation results in a DoS, such as application crashes or service unavailability, potentially disrupting core network functions for affected users or the entire system.

Mitigation details and patches are referenced in advisories available at https://cellularsecurity.org/ransacked. Security practitioners should consult these resources for upgrade instructions to remediate the vulnerability in Open5GS deployments.

Details

CWE(s): CWE-617

Affected Products

open5gs

≤ 2.6.4

CVEs Like This One

CVE-2025-15530Same product: Open5Gs Open5Gs

CVE-2024-24428Same product: Open5Gs Open5Gs

CVE-2024-34235Same product: Open5Gs Open5Gs

CVE-2026-2523Same product: Open5Gs Open5Gs

CVE-2024-24427Same product: Open5Gs Open5Gs

CVE-2024-24429Same product: Open5Gs Open5Gs

CVE-2023-37018Same product: Open5Gs Open5Gs

CVE-2023-37019Same product: Open5Gs Open5Gs

CVE-2023-37021Same product: Open5Gs Open5Gs

CVE-2023-37017Same product: Open5Gs Open5Gs

References

https://cellularsecurity.org/ransacked
Exploit, Technical Description, Third Party Advisory · cve@mitre.org
https://cellularsecurity.org/ransacked
Exploit, Technical Description, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0