CVE-2024-51179
Published: 12 November 2024
Summary
CVE-2024-51179 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5GS. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Network Flood (T1498.001). The CVE is ranked in the top 5.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-51179 is a denial-of-service vulnerability in Open5GS version 2.7.1 that affects core 5G network functions, specifically the User Plane Function and Session Management Function during the Packet Data Unit session establishment process. The flaw is tracked under CWE-404 and carries a CVSS 3.1 score of 7.5, reflecting network-accessible attack vectors that require no authentication or user interaction and result in high availability impact.
A remote attacker can send crafted traffic to trigger the vulnerability in the NFV components handling PDU sessions, causing the affected functions to fail and disrupting service continuity for connected users. Because the attack requires only network reachability, it can be launched from any position that can reach the exposed 5G core interfaces.
The single public reference is a GitHub repository that documents the issue; no vendor advisory, patch details, or mitigation guidance is provided in the available sources. The associated EPSS score has remained flat at 0.1354 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-45294
Vulnerability details
An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establishment process.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables remote DoS by flooding crafted PFCP packets to crash UPF/SMF services, mapping to direct network flood, service exhaustion flood, and application exploitation for denial of service.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.
Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.
Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.
Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.