CVE-2023-36998

Feb. 6, 2025, 10:15 p.m.

8.9
High

Description

The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core.

Product(s) Impacted

Product Versions
NextEPC MME
  • ['<= 1.0.1']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

http://nextepc.com
https://cellularsecurity.org/ransacked

Tags

cve@mitre.org
CWE-121
2025-01-22
CVE-2023-36998

CVSS Score

8.9 / 10

CVSS Data - 3.1

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

    View Vector String

Timeline

Published: Jan. 22, 2025, 3:15 p.m.
Last Modified: Feb. 6, 2025, 10:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.