CVE-2024-24426

Aliases:GO-2024-3273
Advisory lineage Upstream: 0 Downstream: 1
Deferred
Published: 15 Nov 2024, 00:00
Last modified:03 Dec 2024, 16:11

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.41% LOW
0% probability -0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Nov 2024, 00:00
Published
Vulnerability first disclosed
03 Dec 2024, 16:11
Last Modified
Vulnerability information updated

Description

Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.41% Percentile: 62%

Techniques & Countermeasures

  • CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Affected Systems

  • github.com/magmamagma

    all

References (4)