Compliance Impact

The vulnerability causes a denial of service in the Open5GS SMF component by crashing the process when handling malformed requests. This disruption of service could impact the availability of network functions that handle user data.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, denial of service incidents can affect compliance by violating availability requirements mandated by these regulations.

However, there is no direct information provided about data breaches, unauthorized access, or data integrity issues related to this vulnerability that would more directly impact compliance with privacy or security controls under these standards.

Useful 0 Not Useful 0

Executive Summary

This vulnerability is a flaw found in Open5GS up to version 2.7.7, specifically in the function update_authorized_pcc_rule_and_qos within the file /src/smf/npcf-handler.c of the SMF component.

The flaw allows for manipulation that causes a denial of service (DoS) condition. The vulnerability can be exploited remotely, and an exploit has already been published.

Useful 0 Not Useful 0

Impact Analysis

The primary impact of this vulnerability is a denial of service, which means that an attacker can disrupt the normal operation of the affected Open5GS SMF component remotely.

This disruption could lead to service unavailability or degradation, potentially affecting network functions that rely on Open5GS.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring the Open5GS SMF process for crashes or abnormal termination, specifically looking for fatal errors related to the handling of malformed POST requests to the /nsmf-callback/v1/sm-policy-notify/{smContextRef}/update endpoint.

One indicator is the SMF process exiting with code 139 due to a NULL pointer dereference caused by missing flowDescription fields in the flowInfos array of SmPolicyDecision objects.

To detect exploitation attempts, you can capture and analyze network traffic for malformed POST requests to the mentioned endpoint that omit the required flowDescription field.

• Use system logs or process monitoring tools (e.g., journalctl, systemctl status) to check for SMF crashes or restarts.
• Use tcpdump or Wireshark to capture network traffic targeting the SMF service, filtering for POST requests to /nsmf-callback/v1/sm-policy-notify/*/update.
• Example tcpdump command: tcpdump -i <interface> -A 'tcp port 80 or tcp port 443' | grep 'POST /nsmf-callback/v1/sm-policy-notify/'

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include monitoring and restricting access to the SMF service to prevent malicious malformed requests from reaching it.

Since the vulnerability causes a denial of service through a crash triggered by malformed input, implementing input validation or filtering malformed requests at a network or application firewall level can reduce risk.

Additionally, consider restarting the SMF service if it crashes and monitoring it closely until an official patch or update is released.

Currently, the project has not responded with a fix, so applying any available workarounds or limiting exposure is critical.

Useful 0 Not Useful 0