Home Magma CVE-2024-24424
Back to Magma

CVE-2024-24424

Magma - decode_access_point_name_ie function

Magma CVSS 7.5 Updated April 6, 2026

Executive Risk Summary

"A reachable assertion in the decode_access_point_name_ie function of Magma allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. This vulnerability affects Magma versions <= 1.8.0 and is fixed in version 1.9."

Anticipated Attack Path

  1. 1. Step 1: Craft a malicious NAS packet
  2. 2. Step 2: Send the packet to the Magma system
  3. 3. Step 3: Exploit the reachable assertion in the decode_access_point_name_ie function

Am I Vulnerable?

  • Verify Magma version is <= 1.8.0
  • Check for crafted NAS packets
  • Monitor system logs for Denial of Service (DoS) attempts

Operational Audit Arsenal

Target Type Network
Target Asset decode_access_point_name_ie function
Standard Path Magma system

Manual Verification Required

This is a non-Windows asset (Magma). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Unlikely

Minimal

Internal Work Notes

Magma system vulnerable to Denial of Service (DoS) via crafted NAS packet, upgrade to version 1.9 to mitigate

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://cellularsecurity.org/ransacked

Related Magma Threats

CVE-2024-24421 CVSS 9.8

Magma - nas_message_decode function
CVE-2024-24420 CVSS 7.5

Magma - decode_linked_ti_ie function
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.