{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/ella-core/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Ella Core"],"_cs_severities":["high"],"_cs_tags":["vulnerability","denial-of-service","5G","ellacore"],"_cs_type":"advisory","_cs_vendors":["Ella Core"],"content_html":"\u003cp\u003eElla Core, a 5G core designed for private networks, is susceptible to a denial-of-service (DoS) vulnerability in versions prior to 1.6.0. This flaw, identified as CVE-2026-33282, stems from improper handling of malformed Next Generation Application Protocol (NGAP) LocationReport messages. Specifically, if the \u003ccode\u003eue-presence-in-area-of-interest\u003c/code\u003e event type is present without the optional \u003ccode\u003eUEPresenceInAreaOfInterestList\u003c/code\u003e information element (IE), the Ella Core process panics. An attacker, without requiring authentication, can exploit this by sending specially crafted NGAP messages to the vulnerable Ella Core instance. Successful exploitation results in a crash of the Ella Core process, leading to service disruption for all connected subscribers. The vendor addressed this vulnerability in version 1.6.0 by implementing IE presence verification in NGAP message handling.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Ella Core instance running a version prior to 1.6.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious NGAP LocationReport message.\u003c/li\u003e\n\u003cli\u003eThe crafted message includes the \u003ccode\u003eue-presence-in-area-of-interest\u003c/code\u003e event type.\u003c/li\u003e\n\u003cli\u003eCrucially, the \u003ccode\u003eUEPresenceInAreaOfInterestList\u003c/code\u003e information element (IE) is omitted from the message.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted NGAP message to the vulnerable Ella Core instance.\u003c/li\u003e\n\u003cli\u003eUpon receiving the malformed message, the Ella Core process attempts to parse the missing \u003ccode\u003eUEPresenceInAreaOfInterestList\u003c/code\u003e IE.\u003c/li\u003e\n\u003cli\u003eDue to the missing IE, the parsing operation fails, causing a panic within the Ella Core process.\u003c/li\u003e\n\u003cli\u003eThe Ella Core process crashes, leading to a denial of service condition for all connected subscribers.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33282 leads to a denial-of-service condition affecting all subscribers connected to the vulnerable Ella Core instance. This can disrupt critical communication services in private 5G networks, potentially impacting industrial control systems, healthcare facilities, or other environments relying on uninterrupted connectivity. The severity is high due to the ease of exploitation (no authentication required) and the potential for widespread service disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Ella Core instances to version 1.6.0 or later to patch CVE-2026-33282.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Malformed NGAP LocationReport Messages\u003c/code\u003e to identify potentially malicious NGAP messages being sent to Ella Core instances.\u003c/li\u003e\n\u003cli\u003eImplement network-level filtering to block or rate-limit NGAP traffic from suspicious sources.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-ella-core-dos/","summary":"Ella Core versions prior to 1.6.0 are vulnerable to a denial-of-service attack where a crafted NGAP LocationReport message with a missing `UEPresenceInAreaOfInterestList` can crash the process, disrupting service for all connected subscribers.","title":"Ella Core NGAP Message Handling Vulnerability Leads to Denial of Service","url":"https://feed.craftedsignal.io/briefs/2024-01-ella-core-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - Ella Core","version":"https://jsonfeed.org/version/1.1"}