Open5gs ≫ Open5gs

114 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

5.3

CVE-2024-24432

Exploit

EPSS 0.12%
Veröffentlicht 22.01.2025 15:15:12
Zuletzt bearbeitet 22.04.2025 17:27:16

A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

8.6

CVE-2024-34235

Exploit

EPSS 0.1%
Veröffentlicht 22.01.2025 15:15:12
Zuletzt bearbeitet 22.04.2025 17:22:57

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resu...

8.6

CVE-2023-37015

Exploit

EPSS 0.32%
Veröffentlicht 22.01.2025 15:15:11
Zuletzt bearbeitet 22.04.2025 17:15:23

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly cras...

8.6

CVE-2023-37016

Exploit

EPSS 0.32%
Veröffentlicht 22.01.2025 15:15:11
Zuletzt bearbeitet 22.04.2025 17:15:20

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to rep...

8.6

CVE-2023-37017

Exploit

EPSS 0.32%
Veröffentlicht 22.01.2025 15:15:11
Zuletzt bearbeitet 22.04.2025 17:15:17

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the...

8.6

CVE-2023-37018

Exploit

EPSS 0.32%
Veröffentlicht 22.01.2025 15:15:11
Zuletzt bearbeitet 22.04.2025 17:15:13

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repea...

8.6

CVE-2023-37019

Exploit

EPSS 0.32%
Veröffentlicht 22.01.2025 15:15:11
Zuletzt bearbeitet 22.04.2025 17:15:09

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash th...

8.6

CVE-2023-37020

Exploit

EPSS 0.32%
Veröffentlicht 22.01.2025 15:15:11
Zuletzt bearbeitet 22.04.2025 17:15:07

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeated...

8.6

CVE-2023-37021

Exploit

EPSS 0.32%
Veröffentlicht 22.01.2025 15:15:11
Zuletzt bearbeitet 22.04.2025 17:15:04

Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repe...

7.5

CVE-2023-37022

Exploit

EPSS 0.32%
Veröffentlicht 22.01.2025 15:15:11
Zuletzt bearbeitet 22.04.2025 17:13:19

Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denia...

<1...45678910...12>

Team-orientierte Vulnerability Management Plattform

Features der Plattform

Open5gs ≫ Open5gs

CVE-2024-24432

CVE-2024-34235

CVE-2023-37015

CVE-2023-37016

CVE-2023-37017

CVE-2023-37018

CVE-2023-37019

CVE-2023-37020

CVE-2023-37021

CVE-2023-37022