Cyber Resilience

CVE-2024-24444

High

Published: 21 January 2025

Published
21 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0028 51.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-24444 is a high-severity Missing Release of File Descriptor or Handle after Effective Lifetime (CWE-775) vulnerability in Cellularsecurity (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Service Exhaustion Flood (T1499.002); ranked in the top 48.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2024-24444 involves improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to version 2.0.0. This vulnerability affects the N2 interface of the software, allowing attackers to trigger a Denial of Service (DoS) by repeatedly establishing SCTP connections. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-775 (Allocation of File Descriptors or Handles Without Limits or Throttling). The issue was published on 2025-01-21.

Remote attackers with network access to the N2 interface can exploit this vulnerability without privileges, authentication, or user interaction due to its low attack complexity. By repeatedly establishing SCTP connections, which are not properly handled upon closure, attackers exhaust available file descriptors. This results in a High-impact availability disruption, preventing the AMF from processing legitimate connections and effectively denying service to the component.

Advisories and further details are available from OpenAirInterface at http://openairinterface.com and Cellular Security research at https://cellularsecurity.org/ransacked. Security practitioners should consult these sources for any recommended mitigations, such as software updates beyond version 2.0.0 or configuration hardening to limit connection rates.

EU & UK References

Vulnerability details

Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.002 Service Exhaustion Flood Impact
Adversaries may target the different network services provided by systems to conduct a denial of service (DoS).
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

CVE enables resource exhaustion DoS against the AMF service via repeated SCTP connection establishment, directly mapping to service exhaustion flood and application exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

Cellularsecurity
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SC-5 directly prevents DoS attacks by limiting the effects of repeated SCTP connection establishments that exhaust file descriptors on the N2 interface.

prevent

SC-6 protects resource availability by enforcing allocation methods and limits on file descriptors to mitigate exhaustion from improperly handled closed connections.

preventdetect

SC-7 enforces boundary protection at the N2 interface to monitor, control, and rate-limit incoming SCTP connections, reducing the risk of descriptor exhaustion.

References