Athonet MME Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the Athonet MME component of HPE Athonet Core products. This vulnerability is triggered by an E-RAB Release Command packet that contains a malformed NAS PDU, causing the MME to crash. The issue is present in Athonet Core versions 11.1 and below, as well as in versions 11.2 through 11.6 under certain configuration settings.

Impact

Exploitation of this vulnerability causes the Athonet MME to crash, leading to a denial-of-service condition on the cellular network.

Remediation

Users are advised to upgrade to HPE Athonet Core 11.6. For versions 11.2 and later but earlier than 11.6, the upgrade to 11.6 is recommended. After upgrading, migrate the configuration to the 'eMME' (Enhanced MME) configuration page. HPE Support can assist with the migration if needed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.