Ella Core NGAP Message Processing Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in Ella Core versions prior to 1.6.0. When the software processes an NGAP message containing a PDU Session ID outside the valid range of 1 to 15, the process crashes. The crash affects all connected subscribers, causing a significant service outage. No authentication is required to exploit this vulnerability.
Impact
Exploitation of this vulnerability causes the process to crash, disrupting service for all connected subscribers.
Remediation
Users can upgrade to Ella Core version 1.6.0 or later, where this vulnerability has been addressed by adding PDU Session ID validations during NGAP message handling.
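The kind of check the remediation describes can be sketched as follows. This is an added example, not Ella Core's own code: `SessionItem`, `ValidateSessionItems` and `ErrInvalidPDUSessionID` are hypothetical names, and the sample messages are constructed. Every ID in a decoded message is validated before any per-session state is touched, and a bad ID yields an error the caller can log and drop instead of crashing.

```go
package main

import (
	"errors"
	"fmt"
)

// Valid PDU Session ID range stated in the advisory.
const (
	minPDUSessionID = 1
	maxPDUSessionID = 15
)

var ErrInvalidPDUSessionID = errors.New("PDU Session ID outside 1..15")

// SessionItem is a hypothetical stand-in for one decoded NGAP list entry.
// The ID is kept as the wide integer a decoder hands over.
type SessionItem struct {
	PDUSessionID int64
}

// ValidateSessionItems checks every ID before any per-session state is
// touched. It is all-or-nothing: one bad ID rejects the whole message.
func ValidateSessionItems(items []SessionItem) ([]uint8, error) {
	ids := make([]uint8, 0, len(items))
	for i, it := range items {
		if it.PDUSessionID < minPDUSessionID || it.PDUSessionID > maxPDUSessionID {
			return nil, fmt.Errorf("item %d: ID %d: %w", i, it.PDUSessionID, ErrInvalidPDUSessionID)
		}
		ids = append(ids, uint8(it.PDUSessionID))
	}
	return ids, nil
}

func main() {
	// Constructed sample messages, not captured traffic.
	samples := [][]SessionItem{
		{{PDUSessionID: 1}, {PDUSessionID: 15}},
		{{PDUSessionID: 5}, {PDUSessionID: 0}},
		{{PDUSessionID: 16}},
	}
	for _, msg := range samples {
		ids, err := ValidateSessionItems(msg)
		if err != nil {
			fmt.Println("rejected:", err) // log and drop; the process keeps running
			continue
		}
		fmt.Println("accepted:", ids)
	}
}
```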
