CVE-2024-51179 Overview
CVE-2024-51179 is a denial of service vulnerability affecting Open5GS version 2.7.1, an open source implementation of 5G Core and EPC networks. A remote attacker can disrupt service availability by abusing the Packet Data Unit (PDU) session establishment process across Network Function Virtualizations (NFVs). The affected components include the User Plane Function (UPF) and the Session Management Function (SMF). The flaw is categorized under CWE-404 (Improper Resource Shutdown or Release), indicating mishandled resource lifecycle during session signaling.
Critical Impact
A remote, unauthenticated attacker can disrupt 5G core functions UPF and SMF, breaking subscriber connectivity by exploiting the PDU session establishment process.
Affected Products
- Open5GS 2.7.1
- User Plane Function (UPF) component
- Session Management Function (SMF) component
Discovery Timeline
- 2024-11-12 - CVE-2024-51179 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2024-51179
Vulnerability Analysis
The vulnerability resides in the PDU session establishment workflow that links the SMF and UPF in Open5GS 2.7.1. The issue maps to CWE-404, where allocated resources are not properly released after session signaling. By repeatedly initiating session establishment requests with malformed or abnormal parameters, an attacker can exhaust resources or trigger conditions that halt these network functions. Because UPF and SMF are central to 5G data plane and session control, their failure breaks user-plane connectivity for subscribers attached to the affected core. The vulnerability requires no authentication and no user interaction, and it is reachable across the network where the 5G core service interfaces are exposed.
Root Cause
The root cause is improper resource shutdown or release during PDU session establishment. The SMF and UPF do not adequately clean up or constrain resources allocated during incomplete or abnormal session signaling flows, allowing repeated requests to degrade availability.
Attack Vector
Exploitation occurs over the network against exposed 5G core service-based interfaces. An attacker capable of sending PDU session establishment traffic toward the SMF (and downstream UPF via N4) can repeatedly invoke the vulnerable flow to cause denial of service. Proof-of-concept details are referenced in the GitHub PoC Repository.
No verified exploit code is reproduced here. See the linked PoC repository for technical details on triggering the condition.
Detection Methods for CVE-2024-51179
Indicators of Compromise
- Repeated PDU session establishment requests from a single source or correlated sources targeting the SMF service interface.
- Abrupt termination or crash logs for open5gs-smfd or open5gs-upfd processes on the core network hosts.
- Sudden drops in active PDU session counts and elevated N4 (PFCP) error responses between SMF and UPF.
Detection Strategies
- Monitor Open5GS process health and restart counters for smfd and upfd to flag unexpected exits.
- Inspect SMF logs for malformed or repeated session establishment messages that fail mid-procedure.
- Apply rate-based detection on PFCP and NAS session establishment signaling to identify abnormal request volumes.
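One way to implement the rate-based PFCP check above, as an added example that is not Open5GS code or part of the original advisory. It parses the PFCP header defined in 3GPP TS 29.244 and flags sources that exceed a per-window count of Session Establishment Requests; the window, the threshold, the helper names and the sample addresses are assumptions to tune for your own core.

```python
import struct
from collections import defaultdict, deque

SESSION_ESTABLISHMENT_REQUEST = 50  # PFCP message type, 3GPP TS 29.244

def build_pfcp(msg_type, seid, seq):
    """Build a constructed PFCPv1 header (no IEs) for the sample data below."""
    body = (b"" if seid is None else struct.pack("!Q", seid)) + seq.to_bytes(3, "big") + b"\x00"
    flags = 0x20 | (0 if seid is None else 0x01)  # version 1, S flag when SEID present
    return struct.pack("!BBH", flags, msg_type, len(body)) + body

def parse_pfcp_header(payload):
    """Return (message_type, seid, sequence), or None for a malformed header."""
    if len(payload) < 8:
        return None
    flags, msg_type, length = struct.unpack_from("!BBH", payload, 0)
    if flags >> 5 != 1 or length + 4 != len(payload):  # length excludes first 4 octets
        return None
    offset, seid = 4, None
    if flags & 0x01:  # S flag: an 8-octet SEID follows the length field
        if len(payload) < 16:
            return None
        (seid,) = struct.unpack_from("!Q", payload, offset)
        offset += 8
    return msg_type, seid, int.from_bytes(payload[offset:offset + 3], "big")

def detect_bursts(events, window_ms=1000, threshold=5):
    """events: time-ordered (timestamp_ms, src_ip, udp_payload) tuples. Returns
    (src_ip, timestamp_ms, count) the first time a source exceeds the threshold."""
    recent, alerts = defaultdict(deque), {}
    for ts, src, payload in events:
        hdr = parse_pfcp_header(payload)
        if hdr is None or hdr[0] != SESSION_ESTABLISHMENT_REQUEST:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_ms:  # drop requests older than the window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = (ts, len(q))
    return [(src, ts, n) for src, (ts, n) in alerts.items()]

# Constructed sample: a steady peer, one heartbeat, and a burst from another source.
SAMPLE = sorted(
    [(9000 + 1000 * i, "10.0.0.10", build_pfcp(50, 0, i)) for i in range(3)]
    + [(9500, "10.0.0.10", build_pfcp(1, None, 7))]
    + [(10000 + 25 * i, "192.0.2.99", build_pfcp(50, 0, i)) for i in range(20)]
)
print(detect_bursts(SAMPLE))
```

In production the events would come from a capture on UDP port 8805 rather than the constructed list, and payloads that fail header parsing are worth counting separately as a malformed-signaling metric.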
Monitoring Recommendations
- Forward Open5GS service logs and host telemetry to a centralized logging platform for correlation.
- Track resource utilization (CPU, memory, file descriptors) on SMF and UPF hosts for exhaustion patterns.
- Alert on N4 association failures or sustained PFCP error rates between SMF and UPF instances.
How to Mitigate CVE-2024-51179
Immediate Actions Required
- Upgrade Open5GS to a version later than 2.7.1 that addresses CWE-404 in the PDU session establishment path once released by the project.
- Restrict network reachability of SMF and UPF service interfaces to trusted 5G core peers only.
- Deploy rate limiting and signaling validation in front of the SMF to reject malformed PDU session establishment requests.
Patch Information
No vendor advisory URL is provided in the CVE record. Track the Open5GS project repository for fixes addressing PDU session establishment resource handling in versions after 2.7.1. Reference: GitHub PoC Repository.
Workarounds
- Segment the 5G core control plane so that only authorized network functions can reach SMF and UPF interfaces.
- Implement signaling firewalls or Service Communication Proxy (SCP) policies to filter abnormal session establishment traffic.
- Configure process supervisors to automatically restart open5gs-smfd and open5gs-upfd to reduce outage duration during exploitation attempts.
# Example: restrict SMF service-based interface to trusted subnets using iptables
iptables -A INPUT -p tcp --dport 7777 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 7777 -j DROP
# Example: restrict PFCP (N4) between SMF and UPF to known peers
iptables -A INPUT -p udp --dport 8805 -s 10.0.0.10 -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

