The vulnerability in FlexRIC v2.0.0 involves reachable assert(0) calls in stub message handlers for specific E2AP message types that are whitelisted but not implemented. When the near-RT RIC receives such a message (e.g., E2nodeConfigurationUpdate) on port 36421, it passes whitelist validation but triggers an unconditional assertion failure, causing the process to abort. This allows a remote unauthenticated attacker to crash the near-RT RIC process, resulting in denial of service.

A remote unauthenticated attacker can cause the near-RT RIC process to crash by sending a specially crafted E2AP message. This leads to a denial of service condition affecting the availability of the near-RT RIC component. There is no indication of code execution or data compromise from the provided information.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider restricting access to the near-RT RIC port 36421 to trusted sources only to reduce exposure. Monitor for unexpected process crashes and restart the service as needed.