-
Epic
-
Resolution: Unresolved
-
Medium
-
None
-
None
-
G-release
-
implement authentication and authorization in internal xApp-facing and operator-facing interfaces
Note that RIC-1001 goes in the same direction and both are related to first implementing A&A on these interfaces.
I would like to report issues related to the potential misuse of the E2Manager API
E2Manager possesses an API that allows users to invoke it for the purpose of shutting down all connected NodeBs.
//E2Manager shutdown api (Swagger) path: /nodeb/shutdown: put: tags: - nodeb summary: Close all connections to the RANs responses: '200': description: 'Operation succeeded internally, outbound calls failed' content: application/json: schema: $ref: '#/components/schemas/RedButtonPartialSuccessResponseModel' '204': description: Successful operation '500': description: Internal Error content: application/problem+json: schema: $ref: '#/components/schemas/ErrorResponse'
Due to the absence of user authentication in API invocation, E2Manager accepts calls from any user, thus providing attackers with an opportunity to disrupt the availability of NodeBs
Impact:
An attacker can utilize the xApp to invoke this API and send a request to E2mgr to shut down all nodeBs.
PoC:
The attachment is a simple example of invoking an API. An attacker can package this program into an xApp to launch an attack.
Use the following command to invoke the API with the HTTP IP address of 'e2mgr'.
./curl <service-ricplt-e2mgr-http_ip>
- relates to
-
RIC-1001 CVE-2023-41627 RMR service doesn't verify the route tables it receives
- To Do