Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-4882: Multiple Vulnerabilities Open5gs | INCIBE-CERT

DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.

CVE
#vulnerability#js#php#auth

Affected Resources

Open5GS, version 2.4.10 and prior.

Description

INCIBE has coordinated the publication of 4 vulnerabilities affecting Open5GS, an implementation for 5G Core and 4G, which have been discovered by Pablo Valle Alvear, from Titanium Industrial Security team.

These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector string and the CWE vulnerability type of each vulnerability:

  • CVE-2023-4882: CVSS v3.1: 7,5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-404.
  • CVE-2023-4883: CVSS v3.1: 7,5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-763.
  • CVE-2023-4884: CVSS v3.1: 6,5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L | CWE-306.
  • CVE-2023-4885: CVSS v3.1: 6,5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | CWE-300.

Solution

Open5GS is working on a fix for the reported vulnerabilities.

Detail

  • CVE-2023-4882: DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.
  • CVE-2023-4883: invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.
  • CVE-2023-4884: lack of authentication vulnerability. An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.
  • CVE-2023-4885: Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907