Skip to main content

Ericsson CVE-2024-53828

| EUVDEUVD-2024-55516 MEDIUM
Improper Handling of Syntactically Invalid Structure (CWE-228)
2026-04-01 85b1779b-6ecd-4f52-bcc5-73eac4659dcf GHSA-q3hg-jp42-4pfq
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch available
Apr 16, 2026 - 05:29 EUVD
1.38
EUVD ID Assigned
Apr 01, 2026 - 10:22 euvd
EUVD-2024-55516
CVE Published
Apr 01, 2026 - 10:16 nvd
MEDIUM 5.3

DescriptionCVE.org

Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

AnalysisAI

Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Technical ContextAI

This vulnerability is classified under CWE-228. Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation. Affected products include: Ericsson Packet Core Controller.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-2166 MEDIUM POC
5.0 Apr 06

Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5

CVE-2018-9245 CRITICAL POC
9.8 Apr 22

The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that a

CVE-2018-10285 CRITICAL POC
9.8 Apr 22

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Rated critical severity (CVSS

CVE-2021-43339 HIGH POC
8.8 Nov 03

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file

CVE-2018-10286 HIGH POC
8.8 Apr 22

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and th

CVE-2021-41390 HIGH POC
8.0 Sep 17

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is v

CVE-2018-15138 HIGH POC
7.5 Aug 15

Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. Rated high severity (CVSS

CVE-2019-7417 MEDIUM POC
6.1 Mar 21

XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as

CVE-2015-2167 MEDIUM POC
5.8 Apr 06

Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 all

CVE-2021-41391 MEDIUM POC
5.4 Sep 17

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vul

CVE-2020-29145 MEDIUM POC
5.4 Nov 27

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS v

CVE-2020-29144 MEDIUM POC
5.4 Nov 27

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via

Share

CVE-2024-53828 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy