CVE-2024-20685

Azure Private 5G Core Denial of Service Vulnerability

CVSS 5.9 MEDIUMEPSS 5.5%CWE-130

In short

A flaw in Azure Private 5G Core allows an attacker to crash or disable the service by sending specially crafted network messages. This vulnerability can interrupt critical 5G network operations.

Technical detail

CWE-130 (Improper Handling of Length Parameter Inconsistency) in Azure Private 5G Core permits a network-based denial of service attack through malformed input handling. An attacker with network access to the affected component can trigger a service crash by exploiting parameter validation inconsistencies, resulting in unavailability of the 5G core infrastructure.

Summary generated and translated by AI from the official description.

Azure Private 5G Core Denial of Service Vulnerability

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · Azure Private 5G Core

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20685