CVE-2024-24455

Name of the Vulnerable Software and Affected Versions Athonet vEPC MME version 11.4.0

Description The issue arises from an invalid memory access when handling a UE Context Release message that contains an invalid UE identifier. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

Recommendations For Athonet vEPC MME version 11.4.0, consider disabling the handling of UE Context Release messages until a patch is available to prevent the Denial of Service (DoS) attack. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the UE identifier in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.