CVE-2022-38870

Name of the Vulnerable Software and Affected Versions Free5gc version 3.2.1

Description The issue is related to information disclosure due to a lack of authentication for a critical function in the free5GC software, which is used for organizing 5G mobile network communications. This allows a remote attacker to disclose protected information.

Recommendations For Free5gc version 3.2.1, consider implementing authentication for the critical function to prevent information disclosure. As a temporary workaround, restrict access to the critical function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.