A high-severity vulnerability has been identified in multiple Assertion products, specifically within a core component of 5G network infrastructure. An unauthenticated attacker could remotely send a specially crafted message to trigger a system crash, resulting in a denial of service and disrupting mobile network operations for connected users. Immediate application of vendor-provided security updates is required to mitigate this risk.

The vulnerability is an assertion failure within the ngap_build_downlink_nas_transport function, which is part of the Access and Mobility Management Function (AMF) in 5G core networks. This function is responsible for handling control plane communications. An unauthenticated, remote attacker can exploit this flaw by sending a specifically malformed NGAP (NG Application Protocol) message to the affected AMF, which fails to handle the unexpected input. This triggers the assertion, causing the AMF process to terminate abruptly and resulting in a denial-of-service (DoS) condition.

This vulnerability is rated as High severity with a CVSS score of 7.5, reflecting the significant potential for operational disruption. Exploitation would lead to a denial of service in the AMF, a critical component of the 5G core network responsible for connection and mobility management. The business consequences include service outages for subscribers, potential violation of Service Level Agreements (SLAs), reputational damage, and customer churn. The primary risk is the loss of availability for critical telecommunications services.

Immediate Action: The primary remediation is to apply the security updates provided by Assertion to all affected systems without delay. After patching, system administrators should closely monitor AMF service stability and review system and access logs for any signs of abnormal behavior or potential exploitation attempts that may have occurred prior to patching.

Proactive Monitoring: Implement enhanced monitoring on network interfaces handling NGAP traffic. Configure alerts for unexpected AMF process crashes or restarts. Security teams should monitor network traffic for malformed or anomalous NGAP packets and review AMF logs specifically for entries related to the ngap_build_downlink_nas_transport function or assertion failures.

Compensating Controls: If immediate patching is not feasible, consider implementing network-level controls as a temporary measure. Utilize an Intrusion Prevention System (IPS) with signatures capable of detecting and blocking malformed NGAP traffic targeting this vulnerability. Ensure that network access control lists (ACLs) are properly configured to restrict NGAP traffic to only trusted and authenticated network elements (e.g., gNodeBs).

Public Exploit Available: false

Given the high severity (CVSS 7.5) and the critical role of the affected AMF component, we strongly recommend that organizations prioritize the immediate deployment of the vendor-supplied patches. While this vulnerability is not currently listed on the CISA KEV list, its potential to cause significant service disruption warrants urgent attention. Organizations should treat this as a critical priority and follow the outlined remediation and monitoring plan to protect their 5G network infrastructure from potential outages.