Vulnerabilities in Cellular Packet Cores Part IV: Authentication

September 18, 2024 at 06:47AM

Microsoft Azure Private 5G Core (AP5GC) has two critical vulnerabilities. The first (CVE-2024-20685) can lead to potential service outages, while the second (ZDI-CAN-23960) can disrupt network operations. These exploits underscore systemic weaknesses, particularly the lack of mandatory authentication procedures between base stations and packet-cores, posing potential denial-of-service threats.

According to the article, there are two significant vulnerabilities in the Microsoft Azure Private 5G Core (AP5GC). The first vulnerability, identified as CVE-2024-20685, can lead to potential service outages when a crafted signaling message crashes the control plane. The second vulnerability, noted as ZDI-CAN-23960, can disrupt network operations by disconnecting and replacing attached base stations.

The impact of both vulnerabilities extends beyond the directly affected device, potentially leading to varying degrees of denial-of-service (DoS) and disrupting a broader network segment, as packet cores are critical network infrastructure nodes. Notably, the first attack can result in a total outage of services for all devices connected to the cellular network, and the second attack can eject the original base station and add an attacker-controlled base station to the network, which could be used to mount further attacks.

The article also outlines the attack setup, results, root causes, and mitigations for both vulnerabilities, highlighting the need for authentication between the base station and packet core to address these security concerns. Potential mitigation strategies include implementing IPSec or certificate-based authentication between the base station and packet core, allow-listing or whitelisting authorized base stations, access control and isolation of the Control Plane subnet, and deploying deep packet inspection (DPI) solutions for virtual patching before vendor fixes.
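As an added illustration of the allow-listing and control-plane access-control mitigations mentioned above (this is example code written for this page, not code from the article or from Microsoft), the following gate models how a packet core could vet each base-station setup attempt before admitting it. It assumes a hypothetical `SetupEvent` carrying a base-station identity and its source IP, a constructed allow list mapping each authorized identity to the control-plane subnet it is expected to connect from, and it raises an alert when an already-attached identity is presented again from a different address, which is the replacement pattern the second vulnerability describes.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network, IPv4Network
from typing import Dict, List


@dataclass
class SetupEvent:
    """One base-station-to-core setup attempt (constructed; modelled loosely
    on an NG Setup style handshake, identity and source address only)."""
    ran_node_id: str   # hypothetical identity string, e.g. PLMN + gNB ID
    src_ip: str        # address the setup request arrived from


@dataclass
class CoreGate:
    """Allow-list gate for the control-plane side of a packet core.

    allow: authorized identity -> control-plane network it must come from.
    attached: identities currently admitted, with the address they used.
    alerts: human-readable detection messages for the SOC.
    """
    allow: Dict[str, IPv4Network]
    attached: Dict[str, str] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def evaluate(self, ev: SetupEvent) -> str:
        """Return a verdict string; only 'accept' admits the base station."""
        expected = self.allow.get(ev.ran_node_id)
        if expected is None:
            # Unknown identity: not on the allow list at all.
            self.alerts.append(f"unknown base station {ev.ran_node_id} from {ev.src_ip}")
            return "reject:unknown-id"

        if ip_address(ev.src_ip) not in expected:
            # Known identity but wrong network: control-plane isolation violated.
            self.alerts.append(
                f"{ev.ran_node_id} from {ev.src_ip}, expected within {expected}")
            return "reject:ip-mismatch"

        current = self.attached.get(ev.ran_node_id)
        if current is not None and current != ev.src_ip:
            # Same identity already attached from elsewhere: treat as an
            # attempted replacement rather than silently swapping sessions.
            self.alerts.append(
                f"replacement attempt for {ev.ran_node_id}: "
                f"attached from {current}, new request from {ev.src_ip}")
            return "reject:duplicate"

        self.attached[ev.ran_node_id] = ev.src_ip
        return "accept"

    def detach(self, ran_node_id: str, src_ip: str) -> bool:
        """Release a session only if the request comes from the attached address."""
        if self.attached.get(ran_node_id) == src_ip:
            del self.attached[ran_node_id]
            return True
        return False


def build_demo_gate() -> CoreGate:
    """Constructed allow list: one authorized base station on a CP subnet."""
    return CoreGate(allow={"gnb-001": ip_network("10.10.1.0/24")})


def run_demo() -> List[str]:
    """Feed constructed setup attempts through the gate; return verdicts."""
    gate = build_demo_gate()
    events = [
        SetupEvent("gnb-001", "10.10.1.5"),     # legitimate attach
        SetupEvent("gnb-999", "10.10.1.6"),     # not on the allow list
        SetupEvent("gnb-001", "192.168.7.7"),   # right identity, wrong subnet
        SetupEvent("gnb-001", "10.10.1.9"),     # duplicate identity, new address
    ]
    verdicts = [gate.evaluate(ev) for ev in events]
    for line in gate.alerts:
        print("ALERT:", line)
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

The ordering of the checks matters: identity and subnet are verified before the duplicate check, so an attacker-controlled host outside the control-plane subnet never reaches the session table, and a duplicate from inside the subnet is logged rather than being allowed to displace the existing session. In a real deployment this gate would sit behind the IPSec or certificate-based authentication the article recommends, not replace it.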

It’s worth noting that CVE-2024-20685 has been fixed by Microsoft, while ZDI-CAN-23960 was reported to Microsoft and they are currently assessing the necessary action based on their internal timeline.

Overall, the article provides valuable insights into the vulnerabilities, their potential impact, and possible mitigation strategies to address them.