Shodan
Vulnerabilities
Vulnerable Software
Open5gs:  >> Open5gs  Security Vulnerabilities
CVE-2024-57519
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-01-28
CVE-2024-24429
A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-01-22
CVE-2024-24430
A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-22
CVE-2024-24432
A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-01-22
CVE-2024-34235
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-01-22
CVE-2023-37015
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVSS Score
8.6
EPSS Score
0.0
Published
2025-01-22
CVE-2023-37016
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVSS Score
8.6
EPSS Score
0.0
Published
2025-01-22
CVE-2023-37017
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service.
CVSS Score
8.6
EPSS Score
0.0
Published
2025-01-22
CVE-2023-37018
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVSS Score
8.6
EPSS Score
0.0
Published
2025-01-22
CVE-2023-37019
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service.
CVSS Score
8.6
EPSS Score
0.0
Published
2025-01-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved