
CVE-2024-24426: n/a

Severity: High
Type: Vulnerability
Tags: cve, cve-2024-24426
Published: Fri Nov 15 2024 (11/15/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/26/2026, 10:25:59 UTC

Technical Analysis

CVE-2024-24426 is a vulnerability identified in the NGAP_FIND_PROTOCOLIE_BY_ID function within OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0. NGAP (Next Generation Application Protocol) is a critical protocol used in 5G core networks to manage signaling between the gNodeB (5G base station) and the Access and Mobility Management Function (AMF). The vulnerability stems from reachable assertions—programming checks that, when triggered by malformed input, cause the application to terminate unexpectedly. Specifically, crafted NGAP packets can cause these assertions to fail, leading to a denial of service condition by crashing the affected network function. The vulnerability does not require any privileges or user interaction, making it remotely exploitable by an unauthenticated attacker with network access to the affected components. The CVSS 3.1 base score of 7.5 indicates a high severity level, primarily due to the ease of exploitation (network vector, low complexity) and the impact on confidentiality (high), though integrity and availability impacts are not indicated by the CVSS vector. The CWE-78 tag suggests a possible command injection or improper input validation aspect, though the description focuses on assertion failures. No patches or known exploits are currently reported, but the vulnerability poses a significant risk to 5G core network stability and availability. OpenAirInterface and OAI EPC Federation are open-source implementations used by telecom operators and research institutions, making this vulnerability relevant to both commercial and experimental 5G deployments.
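The reachable-assertion pattern described above, shown next to a lookup that reports a missing information element as an ordinary decode error. This is an added illustration, not code from OpenAirInterface, Magma or OAI EPC Federation; the types, function names and IE ids are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for a decoded message: a list of IEs keyed by id. */
typedef struct { uint32_t id; const void *value; } ie_t;
typedef struct { const ie_t *ies; size_t count; } ie_list_t;
typedef enum { IE_OK = 0, IE_MISSING = -1, IE_BAD_ARG = -2 } ie_status_t;

enum { IE_ID_FIRST = 10, IE_ID_SECOND = 85 };  /* constructed sample ids */

/* Linear search shared by both variants; NULL when the id is absent. */
static const ie_t *ie_lookup(const ie_list_t *l, uint32_t id) {
    if (l == NULL || l->ies == NULL) return NULL;
    for (size_t i = 0; i < l->count; i++)
        if (l->ies[i].id == id) return &l->ies[i];
    return NULL;
}

/* Assertion style: an IE absent from peer-supplied input aborts the whole
 * process. Built with NDEBUG the check vanishes and callers get NULL instead. */
const ie_t *find_ie_asserting(const ie_list_t *l, uint32_t id) {
    const ie_t *ie = ie_lookup(l, id);
    assert(ie != NULL);
    return ie;
}

/* Hardened style: absence is an ordinary, reportable decode error. */
ie_status_t find_ie_checked(const ie_list_t *l, uint32_t id, const ie_t **out) {
    if (l == NULL || out == NULL) return IE_BAD_ARG;
    *out = ie_lookup(l, id);
    return *out != NULL ? IE_OK : IE_MISSING;
}

/* Handler that needs both sample IEs: 0 = processed, -1 = message rejected. */
int handle_message(const ie_list_t *msg) {
    const ie_t *first = NULL, *second = NULL;
    if (find_ie_checked(msg, IE_ID_FIRST, &first) != IE_OK ||
        find_ie_checked(msg, IE_ID_SECOND, &second) != IE_OK)
        return -1;  /* log and drop this message; the process keeps serving */
    return (first->value != NULL && second->value != NULL) ? 0 : -1;
}

int main(void) {
    static const int v = 1;
    const ie_t partial[] = { { IE_ID_FIRST, &v } };  /* constructed: one IE missing */
    const ie_list_t msg = { partial, 1 };
    printf("handle_message -> %d\n", handle_message(&msg));
    return 0;
}
```

With the checked variant, a message missing a mandatory IE costs one rejected message rather than the network function's process.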

Potential Impact

The primary impact of CVE-2024-24426 is denial of service against critical 5G core network components, specifically those implementing NGAP protocol handling. Successful exploitation can cause network functions like the AMF or related components to crash or become unresponsive, disrupting signaling and potentially causing service outages for mobile users. This can degrade network availability, impacting voice, data, and signaling services. For telecom operators, such outages can lead to customer dissatisfaction, financial losses, and regulatory penalties. Additionally, disruption of 5G core infrastructure could affect emergency services, IoT device connectivity, and other critical applications relying on mobile networks. The vulnerability's remote exploitability and lack of authentication requirements increase the risk of widespread attacks, especially in environments where these open-source implementations are deployed without adequate network segmentation or filtering. While no integrity or confidentiality impacts are directly indicated, the loss of availability in telecom infrastructure is a critical concern given the reliance on continuous network operation.

Mitigation Recommendations

Organizations should immediately assess their use of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 in their 5G core network deployments. Until official patches are released, network operators should implement strict ingress filtering to block malformed or unexpected NGAP packets from untrusted sources. Deploying network segmentation to isolate core network functions and limiting exposure of NGAP interfaces to only trusted network segments can reduce attack surface. Monitoring and alerting on abnormal NGAP traffic patterns or assertion failures in logs can provide early detection of exploitation attempts. Operators should engage with the OpenAirInterface and OAI communities to obtain updates or patches addressing this vulnerability. Additionally, conducting thorough code reviews and fuzz testing on NGAP packet handling functions can help identify and remediate similar issues proactively. Finally, maintaining up-to-date backups and incident response plans tailored to telecom infrastructure outages will aid in rapid recovery if exploitation occurs.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2024-01-25T00:00:00.000Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 699f6d5ab7ef31ef0b570a3c

Added to database: 2/25/2026, 9:44:58 PM

Last enriched: 2/26/2026, 10:25:59 AM

Last updated: 4/12/2026, 3:46:25 PM
