CVE-2023-36998
HIGH EPSS 31.6%
Published Jan 22, 20251y ago · Modified Jun 17, 20262w ago
8.9 CVSS 3.1
Published Jan 22, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H Attack Vector Adjacent
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Low
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
31.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-121
References 2
- nextepc.com http://nextepc.com
- cellularsecurity.org https://cellularsecurity.org/ransacked
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.