{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-53828", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "state": "PUBLISHED", "assignerShortName": "ERIC", "dateReserved": "2024-11-22T14:21:37.002Z", "datePublished": "2026-04-01T09:49:18.214Z", "dateUpdated": "2026-04-01T12:39:41.380Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2026-04-01T09:49:18.214Z"}, "title": "Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-228", "description": "CWE-228", "type": "CWE"}]}], "affected": [{"vendor": "Ericsson", "product": "Packet Core Controller (PCC)", "versions": [{"status": "affected", "version": "0", "lessThan": "1.38", "changes": [{"at": "1.38", "status": "unaffected"}], "versionType": "1.38"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation."}]}], "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2024-53828"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "The UK\u2019s National Cyber Security Centre (NCSC)", "type": "finder"}, {"lang": "en", "value": "The UK Telecoms Lab (UKTL)", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T12:39:12.844626Z", "id": "CVE-2024-53828", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:39:41.380Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-53828", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "state": "PUBLISHED", "assignerShortName": "ERIC", "dateReserved": "2024-11-22T14:21:37.002Z", "datePublished": "2026-04-01T09:49:18.214Z", "dateUpdated": "2026-04-01T12:39:41.380Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2026-04-01T09:49:18.214Z"}, "title": "Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-228", "description": "CWE-228", "type": "CWE"}]}], "affected": [{"vendor": "Ericsson", "product": "Packet Core Controller (PCC)", "versions": [{"status": "affected", "version": "0", "lessThan": "1.38", "changes": [{"at": "1.38", "status": "unaffected"}], "versionType": "1.38"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation."}]}], "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2024-53828"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "The UK\u2019s National Cyber Security Centre (NCSC)", "type": "finder"}, {"lang": "en", "value": "The UK Telecoms Lab (UKTL)", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-53828", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T12:39:12.844626Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:39:23.293Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ericsson:packet_core_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E40F8A9-F3D7-490D-9839-11DBE8734AB2", "versionEndIncluding": "1.38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation."}], "id": "CVE-2024-53828", "lastModified": "2026-04-10T15:44:45.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-01T10:16:14.190", "references": [{"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "tags": ["Vendor Advisory"], "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2024-53828"}], "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-228"}], "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.38)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[1.38,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Packet Core Controller (PCC)", "source": "cna", "vendor": "Ericsson"}, "product": "packet_core_controller", "vendor": "ericsson"}], "analysis": {"en": {"generated_at": "2026-04-10T16:27:02.950222+00:00", "value": {"mitigation_remediation": ["Upgrade the PCC to version 1.38 or later where the issue is fixed.", "If an immediate upgrade is not possible, monitor network traffic for unusually high volumes of malformed messages and block offending sources.", "Apply any existing Ericsson security patches or advisories that address related message handling vulnerabilities.", "Configure firewalls and rate\u2011limiting controls to mitigate large message bursts.", "Continue to follow Ericsson security announcements for updates and additional guidance."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected products include Ericsson Packet Core Controller (PCC) versions earlier than 1.38. The exposure applies to all installations that run these earlier releases, regardless of deployment size or geographic region, as the flaw is in the core message handling layer. No further version granularity is provided in the advisory.", "description_and_impact": "The vulnerability arises from improper handling of syntactically invalid structures within the Ericsson Packet Core Controller. An attacker can send a large volume of specially crafted messages that the controller processes, leading to resource exhaustion and degraded service. This results in a denial\u2011of\u2011service condition, as the affected system may become unable to process legitimate traffic. The weakness aligns with CWE\u2011228, which addresses improper validation of input leading to resource depletion.", "risk_and_exploitability": "The CVSS score of 5.3 places the issue in the moderate range, but the EPSS value of less than 1% indicates a very low likelihood of exploitation in the wild. The advisory does not list the vulnerability in CISA's KEV catalog, further suggesting that active exploitation is not widespread. Based on the description, the likely attack vector is remote access to the controller over the network by sending malformed packets; no local privilege escalation is required."}}}}, "created": "2026-04-02T07:49:24.311547+00:00", "updated": "2026-04-13T14:28:08.033716+00:00", "vendors": ["ericsson", "ericsson$PRODUCT$packet_core_controller"]}