PT-2014-5649 · A10 Networks · Acos
Published: 2014-06-05 · Updated: 2015-09-02 · CVE-2014-3976
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
A10 Networks Advanced Core Operating System (ACOS) versions prior to 2.7.0-p6
A10 Networks Advanced Core Operating System (ACOS) versions prior to 2.7.1-P1 55
Description
The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to "sys reboot.html".
Recommendations
For versions prior to 2.7.0-p6, update to version 2.7.0-p6 or later.
For versions prior to 2.7.1-P1 55, update to version 2.7.1-P1 55 or later.
As a temporary workaround, consider restricting access to the "sys reboot.html" endpoint until a patch is available.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Acos