The vulnerability in FlexRIC v2.0.0 arises from the iApp message dispatcher validating incoming E2AP messages against a fixed 9-entry whitelist using assert(). If a remote attacker sends any decodable E2AP PDU with a message type not in this whitelist, the assertion triggers a SIGABRT, crashing the iApp process on port 36422. Because the iApp and near-RT RIC share a process, this crash terminates the entire RIC service, causing disconnection of all E2 Nodes and xApps dependent on it. The vulnerability allows remote unauthenticated denial of service but does not have a CVSS score or known exploits in the wild at this time.

A remote unauthenticated attacker can cause a denial of service by crashing the iApp process, which also terminates the near-RT RIC service. This results in disconnection of all E2 Nodes and xApps relying on the RIC, potentially disrupting network operations dependent on this infrastructure. There is no indication of privilege escalation or data compromise from the provided information.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting network access to the iApp process port (36422) to trusted sources only to reduce exposure. Monitor for unusual traffic patterns targeting the E2AP message dispatcher. No official remediation or temporary fix has been published at this time.