Ella Core Audit Log Falsification Vulnerability via IMSI Mismatch in Subscriber Update API
Vulnerability
A vulnerability exists in Ella Core versions prior to 1.8.0, specifically in the PUT /api/v1/subscriber/{imsi} API. This API accepts an IMSI identifier from both the URL path and the JSON request body but fails to verify that they match. As a result, an authenticated NetworkManager can alter any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This discrepancy can hinder post-incident forensic searches for the affected subscriber's IMSI, as no matching audit entries would be found.
Impact
This vulnerability allows a NetworkManager or Admin to modify any subscriber's Quality of Service (QoS) policy, potentially degrading service or altering traffic routing, all while the audit log incorrectly attributes the change to a non-existent or unrelated subscriber.
Remediation
Users can upgrade to Ella Core version 1.8.0, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.