CVE-2021-28122 : Vulnerability Insights and Analysis

CVE-2021-28122 allows unauthenticated users to manipulate the Open5GS subscriber database via crafted HTTP requests. Learn the impact, affected systems, and mitigation steps.

A request-validation issue in Open5GS 2.1.3 through 2.2.x before 2.2.1 allows unauthorized users to manipulate the subscriber database through crafted HTTP requests.

Understanding CVE-2021-28122

This CVE describes a vulnerability in Open5GS that enables unauthenticated users to modify entries in the subscriber database.

What is CVE-2021-28122?

The vulnerability lies in the WebUI component of Open5GS, where an unauthenticated user can exploit a crafted HTTP API request to perform unauthorized actions, such as adding new administrative users.

The Impact of CVE-2021-28122

This issue poses a significant security risk as it allows unauthorized users to manipulate the subscriber database, potentially leading to data breaches and unauthorized access.

Technical Details of CVE-2021-28122

The following technical details outline the specifics of this vulnerability.

Vulnerability Description

The vulnerability exists in Open5GS versions 2.1.3 through 2.2.x before 2.2.1. It stems from the WebUI's Express application not being set up to require authentication for its HTTP API.

Affected Systems and Versions

All systems running Open5GS versions 2.1.3 through 2.2.x before 2.2.1 are affected by this vulnerability.

Exploitation Mechanism

Unauthorized users can exploit this vulnerability by sending specially crafted HTTP API requests to the WebUI component of Open5GS to manipulate the subscriber database.

Mitigation and Prevention

To address CVE-2021-28122, consider the following mitigation strategies.

Immediate Steps to Take

        Update Open5GS to version 2.2.1 to mitigate the vulnerability.
        Restrict network access to the Open5GS WebUI component.

Long-Term Security Practices

        Implement proper authentication mechanisms in the WebUI component to prevent unauthorized access.
        Regularly monitor and audit the subscriber database for any unauthorized changes.
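
The authentication practice above, sketched as a default-deny gate in the Express middleware style. This is an added example, not Open5GS code: the route paths, session id and handler are constructed for illustration. It also shows the ordering pitfall, where a gate registered after a route never runs for it.

```javascript
// Express-style (req, res, next) middleware, no imports; all paths and ids are constructed.
const PUBLIC_ROUTES = new Set(['POST /api/auth/login']); // hypothetical login route

// Default-deny gate: everything under /api requires a known session,
// regardless of HTTP method, unless explicitly listed as public.
function requireSession(sessions) {
  return function (req, res, next) {
    if (!req.path.startsWith('/api/')) return next();
    if (PUBLIC_ROUTES.has(`${req.method} ${req.path}`)) return next();
    const header = req.headers['authorization'] || '';
    const match = /^Bearer ([A-Za-z0-9_-]{16,})$/.exec(header);
    const user = match ? sessions.get(match[1]) : undefined;
    if (!user) {
      res.statusCode = 401;
      return res.end('authentication required');
    }
    req.user = user;
    next();
  };
}

// Stand-in for a subscriber-database write handler (hypothetical).
function subscriberHandler(req, res) {
  res.statusCode = 200;
  res.end(`subscriber write by ${req.user ? req.user.name : 'ANONYMOUS'}`);
}

// Minimal runner that calls middleware in registration order, as Express does.
function dispatch(stack, req) {
  const res = { statusCode: 0, body: '', end(b) { this.body = b; } };
  let i = 0;
  const next = () => { if (i < stack.length) stack[i++](req, res, next); };
  next();
  return res;
}

// Same anonymous write request against four middleware stacks.
function demo() {
  const sessions = new Map([['c0nstructedSessionId01', { name: 'admin' }]]);
  const gate = requireSession(sessions);
  const anon = () => ({ method: 'POST', path: '/api/subscribers', headers: {} });
  const authed = () => ({ ...anon(), headers: { authorization: 'Bearer c0nstructedSessionId01' } });
  return {
    ungated: dispatch([subscriberHandler], anon()).statusCode,          // no gate: 200
    gatedAnon: dispatch([gate, subscriberHandler], anon()).statusCode,  // 401
    gatedAuthed: dispatch([gate, subscriberHandler], authed()).statusCode, // 200
    lateGate: dispatch([subscriberHandler, gate], anon()).statusCode,   // gate too late: 200
  };
}
```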

Patching and Updates

Apply patches and updates provided by Open5GS to ensure the security of your systems.
