CVE-2024-24459

Name of the Vulnerable Software and Affected Versions Athonet vEPC MME version 11.4.0

Description The issue is related to an invalid memory access when handling the ProtocolIE ID field of S1Setup Request messages. This allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

Recommendations For Athonet vEPC MME version 11.4.0, consider restricting access to the S1Setup Request messages to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the handling of the ProtocolIE ID field may also help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.