CVE-2022-3887025.10.2022, 17:15Free5gc v3.2.1 is vulnerable to Information disclosure.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.5 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NmitreCNA------CVEADP------CISA-ADPADP7.5 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NBase ScoreCVSS 3.xEPSS ScorePercentile: 99%VendorProductVersionfree5gcfree5gc3.2.1𝑥= Vulnerable software versionsKnown Exploits!https://github.com/free5gc/free5gc/issues/387https://github.com/free5gc/free5gc/issues/387Common Weakness EnumerationCWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Referenceshttps://github.com/free5gc/free5gc/issues/387https://github.com/free5gc/free5gc/issues/387