admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-370xx/CVE-2023-37012.json
cad-safe-bot fd2d8457c4 Auto-Update: 2025-01-27T23:00:23.681848+00:00
2025-01-27 23:03:49 +00:00

60 lines
2.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-37012",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:10.783",
"lastModified": "2025-01-27T21:15:11.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service."
},
{
"lang": "es",
"value": "Las versiones de Open5GS MME anteriores a la 2.6.4 contienen una aserci\u00f3n que se puede activar de forma remota a trav\u00e9s de un paquete ASN.1 mal formado a trav\u00e9s de la interfaz S1AP. Un atacante puede enviar un mensaje de \"Mensaje inicial de UE\" sin el campo \"Identidad PLMN\" requerido para bloquear repetidamente el MME, lo que da como resultado la denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "https://cellularsecurity.org/ransacked",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink