Salim S.I

#14178of 53,633
18.9Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2024-2791
5.9
2024-03-07
Microsoft · Azure Private 5G Core · CVE-2024-20685
**Name of the Vulnerable Software and Affected Versions** Microsoft Azure Private 5G Core (affected versions not specified) **Description** The issue is related to improper input validation in the InitialUEMessage processing, which can lead to a denial-of-service condition. This can be exploited by a remote attacker to cause service outages. The vulnerability is due to errors in handling the length of input data in messages. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-7076
5.5
2022-10-24
Free5Gc · Free5Gc · CVE-2022-43677
**Name of the Vulnerable Software and Affected Versions** free5GC version 3.2.1 **Description** The issue is related to a malformed NGAP message that can cause the AMF and NGAP decoders to crash due to an index-out-of-range panic in the `aper.GetBitString` function. This can lead to a denial of service. The vulnerability is associated with incorrect resource cleanup or deallocation in the NGAP Message Handler component of the free5GC software. **Recommendations** For free5GC version 3.2.1, consider disabling the `aper.GetBitString` function as a temporary workaround to prevent the crash of the AMF and NGAP decoders until a patch is available. Restrict access to the NGAP Message Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-24241
7.5
2021-12-23
Open5Gs · Open5Gs · CVE-2021-45462
Name of the Vulnerable Software and Affected Versions: Open5GS version 2.4.0 Description: A crafted packet from a UE can cause a crash in the SGW-U/UPF component. This issue can potentially be used to deploy a denial-of-service (DoS) attack on private 5G networks. Recommendations: For Open5GS version 2.4.0, consider implementing packet validation and filtering to prevent malicious packets from reaching the SGW-U/UPF component. As a temporary workaround, restrict access to the SGW-U/UPF component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.