free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticat…

A vulnerability in free5GC, an open-source 5G core network implementation, allows unauthenticated access to SM policy control handlers due to missing authentication middleware in the PCF component. The vulnerability affects versions prior to 4.2.2 and allows unauthorized access to subscriber policy management endpoints including creation, updating, and deletion of SM policies. This can lead to disclosure of subscriber SUPI (Subscription Permanent Identifier) information. The issue occurs because the smPolicyGroup route group lacks proper RouterAuthorizationCheck middleware that other PCF service groups have implemented. The vulnerability has been patched in version 4.2.2.