|
Title: Vulnerabilities in Cellular Packet Cores Part IV: Authentication Post by: HCK on September 18, 2024, 04:05:27 pm Vulnerabilities in Cellular Packet Cores Part IV: Authentication
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores. Source: Vulnerabilities in Cellular Packet Cores Part IV: Authentication (https://www.trendmicro.com/en_us/research/24/i/vulnerabilities-in-cellular-packet-cores-part-iv-authentication.html) |