CVSS 3.1 Score 7.5 of 10 (high)


Published Oct 23, 2023
Updated: Jan 9, 2024
CWE ID 347


CVE-2023-46324 is a vulnerability in free5GC udm before version 1.2.0 when used with Go before version 1.19. It allows an Invalid Curve Attack, because the UDM may compute a shared secret using an uncompressed public key that has not been validated. The affected products include 'tNAEWa', 'tNAEWZ', 'tNAEWY', 'tNAEWX', and 'tNAEWW'. To remediate this vulnerability, update to the latest version of free5GC udm and use Go version 1.19 or later. The potential danger is high: an attacker can send arbitrary SUCIs (Subscription Concealed Identifiers) to the UDM, which tries to decrypt them using both its private key and the attacker's public key, potentially compromising the confidentiality of sensitive data.
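
The validation step whose absence the description refers to, as an added example (not free5GC's code): an uncompressed public key is checked against the curve equation before it is used to compute a shared secret. NIST P-256 is assumed as the curve, `ValidateUncompressedP256` and `SamplePoints` are hypothetical names, and the sample points are constructed.

```go
package main

import (
	"crypto/elliptic"
	"errors"
	"fmt"
	"math/big"
)

// ValidateUncompressedP256 (hypothetical) accepts 0x04 || X || Y only if the point lies on P-256.
func ValidateUncompressedP256(pub []byte) error {
	c := elliptic.P256().Params()
	n := (c.BitSize + 7) / 8
	if len(pub) != 1+2*n || pub[0] != 0x04 {
		return errors.New("not an uncompressed P-256 point")
	}
	x := new(big.Int).SetBytes(pub[1 : 1+n])
	y := new(big.Int).SetBytes(pub[1+n:])
	if x.Cmp(c.P) >= 0 || y.Cmp(c.P) >= 0 {
		return errors.New("coordinate is not a reduced field element")
	}
	// y^2 = x^3 - 3x + b (mod p); P-256 has cofactor 1, so on-curve is sufficient.
	lhs := new(big.Int).Mul(y, y)
	lhs.Mod(lhs, c.P)
	rhs := new(big.Int).Mul(x, x)
	rhs.Mul(rhs, x)
	rhs.Sub(rhs, new(big.Int).Mul(big.NewInt(3), x))
	rhs.Add(rhs, c.B)
	rhs.Mod(rhs, c.P)
	if lhs.Cmp(rhs) != 0 {
		return errors.New("point is not on the curve")
	}
	return nil
}

// SamplePoints returns constructed inputs: the P-256 base point, and the same
// encoding with the low bit of Y flipped so it no longer satisfies the equation.
func SamplePoints() (valid, tampered []byte) {
	c := elliptic.P256().Params()
	valid = append([]byte{0x04}, append(c.Gx.FillBytes(make([]byte, 32)), c.Gy.FillBytes(make([]byte, 32))...)...)
	tampered = append([]byte(nil), valid...)
	tampered[len(tampered)-1] ^= 0x01
	return valid, tampered
}

func main() {
	valid, tampered := SamplePoints()
	fmt.Println(ValidateUncompressedP256(valid), ValidateUncompressedP256(tampered))
}
```

A receiver that rejects the key at this point never performs the scalar multiplication with its private key on an off-curve point.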
