CVE-2023-46324

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 23, 2023
Updated: Jan 9, 2024
CWE ID 347

Summary

CVE-2023-46324 is a vulnerability affecting the free5GC udm software before version 1.2.0. When Go version 1.19 or older is used, this issue allows an attacker to conduct an Invalid Curve Attack. The vulnerability arises because the software computes shared secrets using unvalidated public keys in the pkg/suci/suci.go file. The attacker can exploit this by sending malicious SUCIs to the UDM, which attempts to decrypt them using both its own private key and the attacker's unverified public key. This increases the risk of successful man-in-the-middle attacks and data breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-46324 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database