Ella Core 5G Private Network AMF Component Denial-of-Service Vulnerability
Vulnerability
A deadlock vulnerability has been identified in the Ella Core 5G core network solution for private networks, specifically in versions prior to 1.7.0. The issue arises in the Access and Mobility Management Function (AMF) SCTP notification handler, where a deadlock can cause the entire AMF control plane to freeze, disrupting service for all subscribers. This denial-of-service condition persists until the process is manually restarted. The vulnerability can be exploited by an attacker with access to the N2 interface.
Impact
Exploitation of this vulnerability leads to a complete hang of the AMF control plane, causing a denial-of-service condition for all subscribers.
Remediation
Users can upgrade to Ella Core version 1.7.0 or later, which includes the necessary fix. Instructions for downloading this version are available on the Ella Networks GitHub repository.
