CVE-2024-24454

Name of the Vulnerable Software and Affected Versions Athonet vEPC MME version 11.4.0

Description The issue involves an invalid memory access when handling the ProtocolIE ID field of E-RAB Modify Request messages, allowing attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

Recommendations For Athonet vEPC MME version 11.4.0, consider restricting access to the E-RAB Modify Request messages to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the handling of the ProtocolIE ID field in these messages may also help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.