Lucene search

[email protected]NVD:CVE-2024-30368

HistoryJun 06, 2024 - 6:15 p.m.

CVE-2024-30368

2024-06-0618:15:13

CWE-77

CWE-78

[email protected]

web.nvd.nist.gov

vulnerability

command injection

remote code execution

a10 thunder adc

authentication

csrrequestview

system call

zdi-can-22517

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.7%

JSON

A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.

The specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517.

Affected configurations

Nvd

Node

a10networksadvanced_core_operating_systemMatch4.1.4-

a10networksadvanced_core_operating_systemMatch4.1.4gr1

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p1

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p10

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p11

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p12

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p13

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p2

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p3

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p4

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p5

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p6

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p7

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p8

a10networksadvanced_core_operating_systemMatch4.1.4gr1-p9

a10networksadvanced_core_operating_systemMatch4.1.4p1

a10networksadvanced_core_operating_systemMatch4.1.4p2

a10networksadvanced_core_operating_systemMatch4.1.4p3

Node

a10networksadvanced_core_operating_systemMatch5.1.0-

a10networksadvanced_core_operating_systemMatch5.1.0p3

a10networksadvanced_core_operating_systemMatch5.1.0p4

a10networksadvanced_core_operating_systemMatch5.1.0p5

a10networksadvanced_core_operating_systemMatch5.1.0p6

a10networksadvanced_core_operating_systemMatch5.2.0-

a10networksadvanced_core_operating_systemMatch5.2.0p1

a10networksadvanced_core_operating_systemMatch5.2.1-

a10networksadvanced_core_operating_systemMatch5.2.1p1

a10networksadvanced_core_operating_systemMatch5.2.1p2

a10networksadvanced_core_operating_systemMatch5.2.1p3

a10networksadvanced_core_operating_systemMatch5.2.1p4

a10networksadvanced_core_operating_systemMatch5.2.1p5

a10networksadvanced_core_operating_systemMatch5.2.1p6

a10networksadvanced_core_operating_systemMatch5.2.1p7

a10networksadvanced_core_operating_systemMatch5.2.1p8

a10networksadvanced_core_operating_systemMatch5.2.1p9

Node

a10networksadvanced_core_operating_systemMatch6.0.0-

a10networksadvanced_core_operating_systemMatch6.0.0p1

a10networksadvanced_core_operating_systemMatch6.0.0p2

a10networksadvanced_core_operating_systemMatch6.0.0p2-sp1

a10networksadvanced_core_operating_systemMatch6.0.1

a10networksadvanced_core_operating_systemMatch6.0.2-

a10networksadvanced_core_operating_systemMatch6.0.2p1

a10networksadvanced_core_operating_systemMatch6.0.3-

VendorProductVersionCPE
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p1:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p10:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p11:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p12:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p13:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p2:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p3:*:*:*:*:*:*
a10networksadvanced_core_operating_system4.1.4cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:*:*:*:*:*:*

Vendor	Product	Version	CPE
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p1::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p10::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p11::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p12::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p13::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p2::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p3::::::
a10networks	advanced_core_operating_system	4.1.4	cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4::::::

Rows per page:

1-10 of 431

References

support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369

www.zerodayinitiative.com/advisories/ZDI-24-524/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.7%

JSON

Related for NVD:CVE-2024-30368

cve1 cvelist1 vulnrichment1 zdi2