Researchers from the University of Florida and North Carolina State University have identified nearly 120 vulnerabilities in the LTE / 5G core infrastructure. The flaws affect seven LTE implementations and three 5G implementations, both open source and commercial, and could be exploited to cause “persistent denial of cell service to an entire metropolitan area or city and [in some cases] remotely compromise and access the cellular core.” The researchers contacted affected maintainers and allowed a minimum of 90 days for patch development before disclosing the issues. In all, the 119 discovered vulnerabilities resulted in 97 unique CVEs. Their whitepaper, “RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces,” describes their methods and process. Ref https://cellularsecurity.org/ransacked
