Can you explain this vulnerability to me?

CVE-2026-33907 is a vulnerability in Ella Core, a 5G core designed for private networks, affecting versions prior to 1.7.0. The issue occurs when the software processes NAS (Non-Access Stratum) Authentication Response or Authentication Failure messages that are missing required Information Elements (IEs). Specifically, the system dereferences pointers that are NULL due to these missing IEs, causing a panic (crash) of the Ella Core process.

This happens because the code does not check for the presence of critical IEs like AuthenticationFailureParameter or AuthenticationResponseParameter before using them, leading to a nil pointer dereference. The vulnerability allows an attacker to send crafted NAS messages without any authentication or privileges to trigger this crash.

Version 1.7.0 fixed this by adding explicit checks for the presence of these IEs during NAS message handling, returning errors instead of panicking when IEs are missing.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can cause a denial of service (DoS) by crashing the Ella Core process when it receives specially crafted NAS messages missing required Information Elements.

As a result, all connected subscribers relying on the affected Ella Core instance may experience service disruption and loss of connectivity.

The attack requires no authentication or privileges and can be performed from an adjacent network, making it relatively easy to exploit.

While confidentiality and integrity are not impacted, the availability of the service is severely affected.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for crashes or panics in the Ella Core process when it processes NAS Authentication Response or Authentication Failure messages.

Specifically, look for logs or error messages indicating nil pointer dereferences related to missing Information Elements (IEs) such as AuthenticationFailureParameter or AuthenticationResponseParameter.

Since the vulnerability is triggered by crafted NAS messages missing these IEs, network traffic analysis tools can be used to capture and inspect NAS messages for missing mandatory IEs.

Commands to assist detection might include:

• Using system logs to check for process crashes or panics related to Ella Core, e.g., `journalctl -u ella-core.service` or `dmesg | grep panic`.
• Capturing NAS messages on the network interface with tools like tcpdump: `tcpdump -i <interface> -w capture.pcap 'udp port <NAS_port>'`.
• Analyzing captured NAS messages with Wireshark or similar tools to identify Authentication Response or Failure messages missing required IEs.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Ella Core to version 1.7.0 or later, where the vulnerability is fixed by adding presence verification checks for mandatory Information Elements in NAS messages.

Until the upgrade can be applied, consider implementing network-level filtering to block or restrict unauthenticated NAS Authentication Response and Authentication Failure messages from untrusted sources to reduce the risk of crafted messages causing a crash.

Monitoring the system for crashes and restarting the service promptly can help reduce downtime.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability causes a denial of service by crashing the Ella Core process when processing malformed NAS messages, leading to service disruption for all connected subscribers.

While the vulnerability impacts availability, it does not affect confidentiality or integrity of data.

There is no direct information provided about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0