CVE-2026-37224
FlexRIC iApp Process Crash via Duplicate E2 Setup Request
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-37224 is a high-severity vulnerability in FlexRIC v2.0.0 where the software crashes when it receives a duplicate E2_SETUP_REQUEST message from the same or a spoofed E2 node.
The root cause is that the iApp registry enforces uniqueness of E2 node IDs using an assert() statement rather than handling duplicates gracefully. When two identical setup requests with the same GlobalE2node_ID are sent over SCTP to port 36421, the iApp process aborts, causing a denial of service.
How can this vulnerability impact me? :
This vulnerability can lead to a denial of service by crashing the iApp process in FlexRIC v2.0.0.
A remote unauthenticated attacker can exploit this by sending two E2_SETUP_REQUESTs with the same node configuration, causing the process to abort and disrupting service availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for duplicate E2_SETUP_REQUEST messages sent to port 36421 over SCTP. Specifically, look for two or more E2_SETUP_REQUESTs with the same GlobalE2node_ID originating from the same or spoofed E2 nodes.
Commands to help detect this include using packet capture and analysis tools to filter SCTP traffic on port 36421 and identify duplicate setup requests.
- Use tcpdump to capture SCTP traffic on port 36421: tcpdump -i <interface> port 36421 and sctp
- Analyze captured packets with Wireshark or tshark to filter and identify duplicate E2_SETUP_REQUEST messages with the same GlobalE2node_ID.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting SCTP access to port 36421 to only trusted nodes to prevent unauthorized or spoofed E2_SETUP_REQUEST messages.
Additionally, modifying the iApp registry code to handle duplicate E2 node registrations gracefully instead of using assert() can prevent crashes, though this requires code changes.
Since no official fix was available at the time of disclosure, network-level controls and monitoring are critical to reduce the risk of denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.