The vulnerability in FlexRIC v2.0.0 arises from improper handling of SCTP association closure before an E2_SETUP_REQUEST message is sent. The near-RT RIC component expects a valid mapping between SCTP association and E2 node during cleanup and uses an assert() to enforce this. If the SCTP association is closed prematurely, the assert() triggers, crashing the application. This can be exploited remotely without authentication by initiating and then immediately closing an SCTP connection on port 36421, resulting in a denial of service condition.

An unauthenticated remote attacker can cause the near-RT RIC to crash, leading to a denial of service. This disrupts the availability of the affected FlexRIC component. There is no indication of code execution or data compromise from the provided information.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider implementing network-level protections such as filtering or rate-limiting SCTP connections to port 36421 to reduce exposure to this attack vector.