exploitDog

CVE-2023-37024

Опубликовано: 21 янв. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an Emergency Number List Information Element.

Ссылки

https://cellularsecurity.org/ransacked
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:magma:*:*:*:*:*:*:*:*

Версия до 1.9 (исключая)

EPSS

Процентиль: 49%

0.00256

Низкий

7.5 High

CVSS3

Дефекты

CWE-617

CWE-617

Связанные уязвимости

GHSA-9rmr-pw3x-x887

CVSS3: 7.5

github

около 1 года назад

A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element.

EPSS

Процентиль: 49%

0.00256

Низкий

7.5 High

CVSS3

Дефекты

CWE-617

CWE-617