CVE-2023-37005
Global infos:
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVE Status: Awaiting Analysis
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | LOCAL |
| Availability Impact | LOW |
| Base Score | 5.3 |
| Base Severity | MEDIUM |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Privileges Required | LOW |
| Scope | UNCHANGED |
| User Interaction | NONE |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| Exploitability Score | 1.8 |
| Impact Score | 3.4 |
| Source | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| Type | Secondary |