The vulnerability in OpenAirInterface V2.2.0 AMF arises from improper handling of out-of-sequence messages during the UE registration process. When a SecurityModeComplete message is sent after the InitialUERegistration message, the system incorrectly transitions states, issuing a registration reject followed by a registration accept. This sequence allows the user equipment (UE) to become registered without undergoing the required authentication, effectively bypassing security controls. The CVSS score of 9.8 reflects the critical nature of this authentication bypass with high impact on confidentiality, integrity, and availability.

Successful exploitation allows an attacker to bypass the authentication mechanism entirely during UE registration, potentially granting unauthorized network access. This compromises the integrity and confidentiality of the affected system and can disrupt availability due to improper state handling.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation is currently documented. Until a patch is available, monitor vendor communications for updates and consider restricting access to vulnerable versions where feasible.