A critical authentication bypass in the free5GC NEF component allows unauthenticated network attackers to access the OAM interface.

The OAM route group is mounted without any inbound OAuth2 or bearer-token middleware, exposing the interface to any attacker capable of reaching the Service-Based Architecture (SBI) network.

With a CVSS score of 10, this vulnerability allows for unauthenticated interaction with core network management functions. While currently a stub, the lack of an authentication boundary creates a structural defect that exposes the core network to unauthorized management operations, leading to potential denial of service or future exploitation of added OAM features.

Immediate Action: Upgrade to free5GC version 4.2.2 or higher to implement mandatory authentication middleware across all OAM route groups.

Proactive Monitoring: Monitor network traffic directed at the NEF SBI interface for unauthorized connection attempts or unexpected OAM requests.

Compensating Controls: Implement strict network segmentation and mTLS (mutual TLS) at the transport layer to ensure only authorized network functions can communicate with the NEF.

Public Exploit Available: Unknown

This is a critical security defect in a 5G core component. It is imperative that operators apply the 4.2.2 update immediately to establish a hardened authentication boundary for the OAM interface.