CVE-2024-24458

An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04780en_us&docLocale=en_US
http://athonet.com
https://cellularsecurity.org/ransacked

Configurations

No configuration.

History

31 Mar 2025, 21:15

Type	Values Removed	Values Added
Summary	(en) An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.	(en) An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.
References		() https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04780en_us&docLocale=en_US -
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 5.9

Information

Published : 2024-11-15 20:15

Updated : 2025-03-31 21:15

NVD link : CVE-2024-24458

Mitre link : CVE-2024-24458

CVE.ORG link : CVE-2024-24458

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-24458", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-15T20:15:19.610", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04780en_us&docLocale=en_US", "source": "security-alert@hpe.com"}, {"url": "http://athonet.com", "source": "cve@mitre.org"}, {"url": "https://cellularsecurity.org/ransacked", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An invalid memory access when handling the ENB Configuration Transfer\u00a0messages containing invalid PLMN Identities in Athonet vEPC MME\u00a0v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular\u00a0network by repeatedly initiating connections and sending a crafted\u00a0payload."}, {"lang": "es", "value": "Un acceso a memoria no v\u00e1lido al manejar mensajes de transferencia de configuraci\u00f3n de ENB que contienen identidades PLMN no v\u00e1lidas en Athonet vEPC MME v11.4.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a la red celular al iniciar conexiones repetidamente y enviar un payload manipulado."}], "lastModified": "2025-03-31T21:15:44.957", "sourceIdentifier": "security-alert@hpe.com"}