Primary

Context

Ella Core Denial-of-Service Vulnerability in UL NAS Transport Message Processing

Vulnerability

A denial-of-service vulnerability has been identified in Ella Core versions prior to 1.6.0. The issue arises when the application processes malformed UL NAS Transport messages that lack a Request Type. An attacker can exploit this vulnerability by sending crafted NAS messages to Ella Core, causing the application to panic and crash. This disruption affects all connected subscribers, and no authentication is required to exploit the vulnerability.

Impact

Exploitation of this vulnerability leads to a process crash, causing service disruption for all connected subscribers.

Remediation

Users can upgrade to Ella Core version 1.6.0 or later, where this vulnerability has been patched.

Added: Mar 24, 2026, 12:23 AM

Updated: Mar 24, 2026, 12:23 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ella Core Denial-of-Service Vulnerability in UL NAS Transport Message Processing

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating