PT-2014-5649 · A10 Networks · Acos
Published: 2014-06-05 · Updated: 2015-09-02 · CVE-2014-3976
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
A10 Networks Advanced Core Operating System (ACOS) versions prior to 2.7.0-p6
A10 Networks Advanced Core Operating System (ACOS) versions prior to 2.7.1-P1 55
Description
The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to "sys reboot.html".
Recommendations
For versions prior to 2.7.0-p6, update to version 2.7.0-p6 or later.
For versions prior to 2.7.1-P1 55, update to version 2.7.1-P1 55 or later.
As a temporary workaround, consider restricting access to the "sys reboot.html" endpoint until a patch is available.
Exploit
Fix
Buffer Overflow
Affected Products
Acos