A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.
The specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Sep 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
A10networks
A10networks advanced Core Operating System |
|
Weaknesses | CWE-77 | |
CPEs | cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p10:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p11:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p12:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p13:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p2:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p3:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p5:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p6:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p7:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p8:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p9:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p2:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p3:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:-:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p3:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p4:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p5:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p6:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:-:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:p1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:-:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p2:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p3:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p4:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p5:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p6:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p7:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p8:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p9:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:-:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2-sp1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:-:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:p1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.3:-:*:*:*:*:*:* |
|
Vendors & Products |
A10networks
A10networks advanced Core Operating System |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-06-06T17:52:47.342Z
Updated: 2024-08-02T01:32:07.216Z
Reserved: 2024-03-26T18:52:36.418Z
Link: CVE-2024-30368
Vulnrichment
Updated: 2024-08-02T01:32:07.216Z
NVD
Status : Modified
Published: 2024-06-06T18:15:13.443
Modified: 2024-11-21T09:11:47.493
Link: CVE-2024-30368
Redhat
No data.