Ella Core NGAP Location Report Processing Vulnerability Leading to Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in Ella Core versions prior to 1.6.0. The issue arises when the software processes a malformed NGAP LocationReport message that includes the 'ue-presence-in-area-of-interest' event type but omits the optional 'UEPresenceInAreaOfInterestList' information element. This flaw can be exploited by an attacker who sends crafted NGAP messages to Ella Core, causing the application to crash and disrupting service for all connected subscribers. Notably, no authentication is required to exploit this vulnerability.
Impact
Exploitation of this vulnerability causes the application to panic and crash, leading to a service disruption for all connected subscribers.
Remediation
Users can upgrade to Ella Core version 1.6.0 or later, where this vulnerability has been patched by adding verification for the presence of the information element in NGAP message handling.
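The presence check described above, as an added Go example that is not Ella Core's code. The types and function names are hypothetical, simplified stand-ins for a decoded NGAP LocationReport, the sample message is constructed, and it is an assumption that an omitted optional IE decodes to a nil pointer.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for decoded NGAP structures (not Ella Core's types).
// Assumption: an optional IE that the sender omitted decodes to a nil pointer.
type EventType int

const (
	EventDirect EventType = iota
	EventUEPresenceInAreaOfInterest
)

type UEPresenceItem struct{ ReferenceID int64 }

type LocationReport struct {
	EventType                      EventType
	UEPresenceInAreaOfInterestList *[]UEPresenceItem // optional IE
}

var ErrMissingPresenceList = errors.New("ue-presence-in-area-of-interest event without UEPresenceInAreaOfInterestList")

// presenceCountUnchecked shows the defect class: the event type is trusted to
// imply that the optional IE is present, so a missing IE panics on dereference.
func presenceCountUnchecked(r *LocationReport) int {
	if r.EventType == EventUEPresenceInAreaOfInterest {
		return len(*r.UEPresenceInAreaOfInterestList)
	}
	return 0
}

// presenceCountChecked verifies the IE before use and rejects the message with
// an error, so one malformed report cannot take the whole process down.
func presenceCountChecked(r *LocationReport) (int, error) {
	if r.EventType != EventUEPresenceInAreaOfInterest {
		return 0, nil
	}
	if r.UEPresenceInAreaOfInterestList == nil {
		return 0, ErrMissingPresenceList
	}
	return len(*r.UEPresenceInAreaOfInterestList), nil
}

func main() {
	malformed := &LocationReport{EventType: EventUEPresenceInAreaOfInterest} // constructed input
	_, err := presenceCountChecked(malformed)
	fmt.Println("checked handler:", err)
}
```

Returning an error from the handler lets the caller log and drop the message while other subscribers' sessions continue.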
