PT-2021-24241 · Open5Gs · Open5Gs

Salim S.I · Published 2021-12-23 · Updated 2023-09-25 · CVE-2021-45462

CVSS v3.1: 7.5 (High)
Vector: AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N
Name of the Vulnerable Software and Affected Versions: Open5GS version 2.4.0
Description: A crafted packet from a UE can cause a crash in the SGW-U/UPF component. This issue can potentially be used to mount a denial-of-service (DoS) attack on private 5G networks.
Recommendations: For Open5GS version 2.4.0, consider implementing packet validation and filtering to prevent malicious packets from reaching the SGW-U/UPF component. As a temporary workaround, restrict access to the SGW-U/UPF component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2021-45462
Affected Products: Open5Gs