CVE-2024-24449 is a vulnerability identified in the OpenAirInterface CN5G Access and Mobility Management Function (AMF) up to version 2.0.0. The flaw resides in the NasPdu::NasPdu component, where an uninitialized pointer dereference occurs when processing a crafted InitialUEMessage. This message is part of the 5G core network signaling used during user equipment (UE) registration and connection setup. An attacker can exploit this by sending a specially crafted InitialUEMessage to the AMF, causing the system to dereference an uninitialized pointer, which leads to a crash or service disruption, effectively a Denial of Service (DoS). The vulnerability is classified under CWE-824 (Access of Uninitialized Pointer), indicating a programming error that can cause unpredictable behavior. The CVSS v3.1 score of 6.5 reflects a medium severity, with network attack vector, low attack complexity, no privileges required, but requiring user interaction (sending the crafted message). The impact is limited to availability, with no direct confidentiality or integrity compromise. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. This vulnerability affects operators and vendors deploying OpenAirInterface CN5G AMF in their 5G core infrastructure, potentially disrupting mobile network services.

The primary impact of CVE-2024-24449 is a Denial of Service condition in the 5G core network's AMF component, which is critical for managing user equipment connectivity and mobility. A successful exploit can cause the AMF to crash or become unresponsive, leading to service outages or degraded network performance. This can disrupt mobile communications, affecting voice, data, and signaling services for subscribers. For network operators, this can translate into customer dissatisfaction, potential revenue loss, and increased operational costs due to incident response and recovery efforts. In critical infrastructure or emergency services relying on 5G connectivity, such disruptions could have severe consequences. Since the vulnerability requires no privileges and can be triggered remotely over the network, the attack surface is broad. However, the need for crafted signaling messages and the specificity of the affected software limits the scope somewhat. Still, organizations using OpenAirInterface CN5G AMF must consider this a significant availability risk.

To mitigate CVE-2024-24449, organizations should first verify if they are using OpenAirInterface CN5G AMF up to version 2.0.0 in their 5G core network deployments. If so, they should monitor for vendor patches or updates addressing this vulnerability and apply them promptly once available. In the absence of an official patch, network operators can implement filtering or validation rules at the network edge or signaling gateways to detect and block malformed InitialUEMessage packets that could trigger the vulnerability. Deploying anomaly detection systems focused on 5G signaling traffic may help identify suspicious message patterns indicative of exploitation attempts. Additionally, segmenting the 5G core network and restricting access to the AMF component can reduce exposure. Regular security assessments and penetration testing targeting 5G core components should include tests for this vulnerability. Finally, maintaining robust incident response plans for 5G network disruptions will help minimize downtime if exploitation occurs.