Ella Core NGAP Location Report Processing Vulnerability Leading to Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in Ella Core versions prior to 1.7.0. The issue arises when the application processes specially crafted NGAP LocationReport messages, causing the application to panic and crash. This disruption affects all connected subscribers. An attacker who can send these crafted NGAP messages can exploit this vulnerability to cause a service outage.
Impact
Exploitation of this vulnerability leads to a process crash, causing a service disruption for all connected subscribers.
Reproduction
The vulnerability can be reproduced by sending a crafted NGAP LocationReport message to an instance of Ella Core running a version prior to 1.7.0. This can be done by targeting the application's NGAP message processing functionality, which is part of the 5G core network management.
Remediation
Users can upgrade to Ella Core version 1.7.0 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.