PT-2024-20406 · Athonet · Athonet Vepc Mme

Bennett

Published

2024-11-15

Updated

2025-08-26

CVE-2024-24458

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Athonet vEPC MME version 11.4.0

Description The issue arises from an invalid memory access when handling ENB Configuration Transfer messages that contain invalid PLMN Identities. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

Recommendations For Athonet vEPC MME version 11.4.0, consider restricting the handling of ENB Configuration Transfer messages to prevent the Denial of Service. As a temporary workaround, restrict access to the component responsible for handling these messages until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2024-24458

Affected Products

Athonet Vepc Mme

PT-2024-20406 · Athonet · Athonet Vepc Mme

CVE-2024-24458

Weakness Enumeration

Related Identifiers

Affected Products

References · 8