Jinha Kim

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.7 **Description** A race condition exists in the NGAP Handover component within the `gmm state security mode()` function of the `src/amf/gmm-sm.c` file. This flaw allows a remote attacker to initiate a manipulation, although the attack complexity is high and exploitability is considered difficult. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.7 **Description** An improper authorization issue exists in the AMF/MME component within the `ran ue find by amf ue ngap id()` function of the `src/amf/context.c` file. This flaw allows a remote attacker to perform a manipulation that results in improper authorization. **Recommendations** Install patch 5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1. As a temporary workaround, restrict access to the `ran ue find by amf ue ngap id()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.7 **Description** Improper authentication exists in the NGAP PathSwitchRequest Message Handler component within the file src/amf/ngap-handler.c. This issue allows a remote attacker to manipulate the system due to a failure in the authentication process. **Recommendations** Apply patch a188e36b1741ffc2252133f59b1bda4f14d3cb5c to resolve the issue.