CVE-2024-24426 — Vulnetix

CVE-2024-24426 PUBLISHED CVSS 7.5 HIGH

Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.

EPSS 0.44% · 63.2th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.44%

63.2th percentile

Affected Products

Vendor	Product	Versions
openairinterface	magma	1.8.0
n/a	n/a	n/a
oai_epc_federation	oai_epc_federation	1.2.0

Timeline

Nov 15, 2024 CVE Published
Nov 16, 2024 EPSS Score
Nov 16, 2024 Coalition ESS Score
Nov 19, 2024 Coalition ESS Score
Dec 3, 2024 CVE Updated
Dec 4, 2024 EPSS Score
Dec 21, 2024 EPSS Score
Jan 7, 2025 EPSS Score
Jan 24, 2025 EPSS Score
Feb 10, 2025 EPSS Score
Feb 12, 2025 Coalition ESS Score
Feb 27, 2025 EPSS Score

References

https://cellularsecurity.org/ransacked url
https://github.com/magma/magma url
https://github.com/OPENAIRINTERFACE/openair-epc-fed url
https://nvd.nist.gov/vuln/detail/CVE-2024-24426 advisory

Open in Interactive Console →