CVE-2024-24458

Summary

CVE-2024-24458 is a newly disclosed cybersecurity vulnerability affecting Athonet vEPC MME v11.4.0. This issue arises when the system processes ENB Configuration Transfer messages with invalid PLMN Identities. The result is an invalid memory access, which in turn enables attackers to cause a Denial of Service (DoS) to the cellular network. By initiating multiple connections and sending crafted payloads, attackers can repeatedly trigger the vulnerability, leading to network congestion and potential downtime. This vulnerability poses a significant risk to network availability and requires immediate attention and patching from affected organizations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.