
Two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC) have been identified and patched, according to research from Trend Micro. The flaws, tracked as CVE-2024-20685 and ZDI-CAN-23960, stem from systemic weaknesses in authentication between base stations and packet cores. These vulnerabilities could have allowed attackers to cause service outages and network disruptions in private 5G deployments.
Security Implications for Enterprise Networks
The discovery of these vulnerabilities highlights critical risks in private 5G deployments, particularly for industrial and enterprise environments where network availability is paramount. Microsoft has addressed the issues through security updates, but the findings reveal broader authentication challenges in cellular network architectures. Security teams managing private 5G networks should prioritize patching and review authentication logging configurations.
Technical Breakdown of the Vulnerabilities
The vulnerabilities occur during the initial connection handshake between base stations and the packet core, specifically within the first three Next Generation Application Protocol (NGAP) messages before authentication completes. This timing creates a window where potential exploitation could occur before security contexts are fully established. Research indicates that 72% of cellular network vulnerabilities can be exploited without authentication, demonstrating systemic risks in current cellular architectures.
The two specific vulnerabilities include:
- CVE-2024-20685: A weakness in the authentication handshake that could allow unauthorized access to core network functions
- ZDI-CAN-23960: A protocol flaw that could enable service disruption through malformed NGAP messages
Potential Attack Scenarios
While Microsoft has patched these vulnerabilities, the research demonstrates concerning attack vectors that could impact network availability. Attackers could potentially intercept initial connection messages between base stations and the core, inject malformed packets during the pre-authentication phase, or force service degradation. These risks are particularly acute for enterprise private 5G deployments supporting industrial IoT, manufacturing, and other sensitive applications where downtime has an immediate operational impact.
Detection and Mitigation Strategies
Security teams should implement several protective measures for private 5G deployments:
- Apply all Microsoft security updates for Azure Private 5G Core immediately
- Implement network segmentation between radio access and core networks
- Enable enhanced logging for authentication events and NGAP message processing
- Monitor for abnormal NGAP message patterns or unexpected service interruptions
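The last two measures, enhanced NGAP logging and monitoring for abnormal message patterns, can be turned into a simple detector. The following is an added example, not code from Trend Micro, Microsoft or the AP5GC product: it parses a constructed, hypothetical log format (a real AP5GC log line will look different) and raises alerts for a burst of malformed NGAP messages from one gNB within a short window, for pre-authentication traffic from a gNB that is not on the operator's inventory, and reports per-gNB pre-authentication message counts. The gNB identifiers, threshold and window size are assumptions.

```python
"""Detect abnormal NGAP message patterns in packet-core logs.

Added example with a constructed log format and constructed sample data;
not the project's own code or log schema.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed log format (assumption): one NGAP receive event per line.
LOG_RE = re.compile(
    r"^(?P<ts>\d+) event=ngap_rx gnb=(?P<gnb>\S+) proc=(?P<proc>\S+) "
    r"auth_state=(?P<auth>pre|post) result=(?P<result>ok|malformed)$"
)

# Constructed sample log: gnb-01 behaves normally, gnb-02 sends a burst of
# malformed pre-authentication messages, gnb-99 is not in the inventory.
SAMPLE_LOG = """\
1000 event=ngap_rx gnb=gnb-01 proc=NGSetupRequest auth_state=pre result=ok
1001 event=ngap_rx gnb=gnb-01 proc=InitialUEMessage auth_state=pre result=ok
1002 event=ngap_rx gnb=gnb-01 proc=UplinkNASTransport auth_state=post result=ok
1003 event=ngap_rx gnb=gnb-02 proc=InitialUEMessage auth_state=pre result=malformed
1004 event=ngap_rx gnb=gnb-02 proc=InitialUEMessage auth_state=pre result=malformed
1005 event=ngap_rx gnb=gnb-02 proc=InitialUEMessage auth_state=pre result=malformed
1006 event=ngap_rx gnb=gnb-99 proc=NGSetupRequest auth_state=pre result=ok
1007 event=ngap_rx gnb=gnb-01 proc=UplinkNASTransport auth_state=post result=ok
"""

# Assumed operator inventory of authorised gNBs and tuning parameters.
KNOWN_GNBS = {"gnb-01", "gnb-02"}
MALFORMED_THRESHOLD = 3   # malformed messages from one gNB ...
WINDOW_SECONDS = 60       # ... within this many seconds raises an alert


@dataclass
class GnbStats:
    total: int = 0
    pre_auth: int = 0
    malformed_times: list = field(default_factory=list)


def parse_line(line):
    """Return a dict of fields for a well-formed log line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = int(ev["ts"])
    return ev


def analyze(log_text, known_gnbs=KNOWN_GNBS,
            malformed_threshold=MALFORMED_THRESHOLD, window=WINDOW_SECONDS):
    """Walk the log once; return (alerts, per-gNB stats).

    Each alert is a (gnb, kind, message) tuple.
    """
    stats = defaultdict(GnbStats)
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # ignore lines in other formats
        gnb = ev["gnb"]
        s = stats[gnb]
        s.total += 1
        # First sighting of a gNB that is not in the inventory.
        if gnb not in known_gnbs and s.total == 1:
            alerts.append((gnb, "unknown_gnb",
                           f"NGAP traffic from gNB {gnb} not in inventory"))
        if ev["auth"] == "pre":
            s.pre_auth += 1
        if ev["result"] == "malformed":
            # Keep only malformed timestamps inside the sliding window.
            s.malformed_times = [t for t in s.malformed_times
                                 if ev["ts"] - t < window] + [ev["ts"]]
            # Alert once, when the burst first reaches the threshold.
            if len(s.malformed_times) == malformed_threshold:
                alerts.append((gnb, "malformed_burst",
                               f"{malformed_threshold} malformed NGAP messages "
                               f"from {gnb} within {window}s "
                               f"(last proc={ev['proc']})"))
    return alerts, dict(stats)


if __name__ == "__main__":
    found, per_gnb = analyze(SAMPLE_LOG)
    for gnb, kind, msg in found:
        print(f"ALERT [{kind}] {msg}")
    for gnb, s in sorted(per_gnb.items()):
        print(f"{gnb}: total={s.total} pre_auth={s.pre_auth}")
```

Run stand-alone it prints two alerts, one for the malformed burst from gnb-02 and one for the unlisted gnb-99, and none for gnb-01. The pre-authentication counters are reported rather than alerted on because a legitimate base station also sends its first messages before authentication completes; a sustained rise in that counter, or a high malformed share of it, is what an analyst should correlate with the service interruptions the article mentions.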
Broader Implications for Cellular Security
These vulnerabilities follow a pattern seen in other cellular network technologies, where authentication occurs too late in the connection process. Similar issues have been documented in 4G/5G access network protocols by researchers from Technische Universität Berlin and SINTEF Digital. As enterprises increasingly adopt private 5G for critical operations, security teams must extend their visibility and controls to these environments.
Recommended Actions for Security Teams
System administrators managing private 5G deployments should verify the patch status of all AP5GC components and review authentication logs for suspicious activity. Network segmentation between gNBs and the core should be evaluated as an additional protective measure. The findings underscore the need for specialized security monitoring in private cellular networks, which often fall outside traditional enterprise security perimeters.
Conclusion
The discovery of these vulnerabilities in Microsoft Azure Private 5G Core highlights the evolving security challenges in private cellular networks. While the immediate risks have been addressed through patches, the research reveals broader authentication weaknesses in cellular architectures that warrant ongoing attention. As 5G core technologies mature, security teams should expect continued scrutiny and vulnerability discoveries in these critical network components.