PT-2020-15722 · A10 Networks · A10 Networks Acos

Frederic Ladouceur · Published 2020-11-10 · Updated 2020-11-24 · CVE-2020-24384

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

A10 Networks ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x
aGalaxy versions 3.0.x, 3.2.x, and 5.0.x

Description

A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems.

Recommendations

For A10 Networks ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x, update to a version that includes the fix for this issue.
For aGalaxy versions 3.0.x, 3.2.x, and 5.0.x, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the management GUIs until a patch is available.


Related Identifiers

CVE-2020-24384

Affected Products

A10 Networks Acos
Galaxy