PT-2024-20405 · Athonet · Athonet Vepc Mme
Bennett
+1
·
Published
2024-11-15
·
Updated
2025-08-26
·
CVE-2024-24457
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Athonet vEPC MME version 11.4.0
Description
The issue is related to an invalid memory access when handling the
ProtocolIE ID field of E-RAB Setup List Context SURes messages. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.Recommendations
For Athonet vEPC MME version 11.4.0, update to a version that fixes the invalid memory access issue to prevent Denial of Service (DoS) attacks. As a temporary workaround, consider restricting the handling of E-RAB Setup List Context SURes messages to minimize the risk of exploitation.
Fix
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Athonet Vepc Mme