Bennett

**Name of the Vulnerable Software and Affected Versions** Athonet MME (affected versions not specified) **Description** The issue is caused by an E-RAB Release Command packet containing a malformed NAS PDU, which will cause the Athonet MME to immediately crash, potentially due to a buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Athonet vEPC MME version 11.4.0 **Description** The issue is caused by an invalid memory access when handling the `ProtocolIE ID` field of `E-RAB NotToBeModifiedBearerModInd` information element. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. **Recommendations** For Athonet vEPC MME version 11.4.0, update to a version that fixes the invalid memory access issue to prevent Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Athonet vEPC MME version 11.4.0 **Description** The issue involves an invalid memory access when handling the `ProtocolIE ID` field of E-RAB Modify Request messages, allowing attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. **Recommendations** For Athonet vEPC MME version 11.4.0, consider restricting access to the E-RAB Modify Request messages to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the handling of the `ProtocolIE ID` field in these messages may also help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Athonet vEPC MME version 11.4.0 **Description** The issue arises from an invalid memory access when handling a UE Context Release message that contains an invalid UE identifier. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. **Recommendations** For Athonet vEPC MME version 11.4.0, consider disabling the handling of UE Context Release messages until a patch is available to prevent the Denial of Service (DoS) attack. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the `UE identifier` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Athonet vEPC MME version 11.4.0 **Description** The issue is related to an invalid memory access when handling the `ProtocolIE ID` field of E-RAB Release Indication messages. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload, resulting in system downtime. **Recommendations** For Athonet vEPC MME version 11.4.0, patch immediately to resolve the issue and monitor for exploit attempts. As a temporary workaround, consider restricting access to the `ProtocolIE ID` field handling functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Athonet vEPC MME version 11.4.0 **Description** The issue arises from an invalid memory access when handling ENB Configuration Transfer messages that contain invalid PLMN Identities. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. **Recommendations** For Athonet vEPC MME version 11.4.0, consider restricting the handling of ENB Configuration Transfer messages to prevent the Denial of Service. As a temporary workaround, restrict access to the component responsible for handling these messages until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Athonet vEPC MME version 11.4.0 **Description** The issue is related to an invalid memory access when handling the `ProtocolIE ID` field of S1Setup Request messages. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. **Recommendations** For Athonet vEPC MME version 11.4.0, consider restricting access to the S1Setup Request messages to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the handling of the `ProtocolIE ID` field may also help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Athonet vEPC MME version 11.4.0 **Description** The issue is related to an invalid memory access when handling the `ProtocolIE ID` field of E-RAB Setup List Context SURes messages. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. **Recommendations** For Athonet vEPC MME version 11.4.0, update to a version that fixes the invalid memory access issue to prevent Denial of Service (DoS) attacks. As a temporary workaround, consider restricting the handling of E-RAB Setup List Context SURes messages to minimize the risk of exploitation.