Cyber Resilience

CVE-2024-51179

HighPublic PoC

Published: 12 November 2024

Published
12 November 2024
Modified
29 September 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.1354 94.4th percentile
Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-51179 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Network Flood (T1498.001); ranked in the top 5.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-51179 is a denial-of-service vulnerability in Open5GS version 2.7.1 that affects core 5G network functions, specifically the User Plane Function and Session Management Function during the Packet Data Unit session establishment process. The flaw is tracked under CWE-404 and carries a CVSS 3.1 score of 7.5, reflecting network-accessible attack vectors that require no authentication or user interaction and result in high availability impact.

A remote attacker can send crafted traffic to trigger the vulnerability in the NFV components handling PDU sessions, causing the affected functions to fail and disrupting service continuity for connected users. Because the attack requires only network reachability, it can be launched from any position that can reach the exposed 5G core interfaces.

The single public reference is a GitHub repository that documents the issue; no vendor advisory, patch details, or mitigation guidance is provided in the available sources. The associated EPSS score has remained flat at 0.1354 with no material increase since disclosure.

EU & UK References

Vulnerability details

An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU)…

more

session establishment process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1498.001 Direct Network Flood Impact
Adversaries may attempt to cause a denial of service (DoS) by directly sending a high-volume of network traffic to a target.
T1499.002 Service Exhaustion Flood Impact
Adversaries may target the different network services provided by systems to conduct a denial of service (DoS).
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability enables remote DoS by flooding crafted PFCP packets to crash UPF/SMF services, mapping to direct network flood, service exhaustion flood, and application exploitation for denial of service.

Affected Assets

open5gs
open5gs
2.7.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-404

Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.

addresses: CWE-404

Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.

addresses: CWE-404

Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.

addresses: CWE-404

Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.

References