CVE-2016-10213
https://notcve.org/view.php?id=CVE-2016-10213
A10 AX1030 and possibly other devices with software before 2.7.2-P8 use random GCM nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
• http://www.securityfocus.com/bid/96163
• https://github.com/nonce-disrespect/nonce-disrespect
• https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3976 – A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2014-3976
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/32702
• http://osvdb.org/show/osvdb/105354
• http://packetstormsecurity.com/files/125979/A10-Networks-ACOS-2.7.0-P2-Buffer-Overflow.html
• http://seclists.org/fulldisclosure/2014/Apr/16
• http://secunia.com/advisories/57640
• http://www.exploit-db.com/exploits/32702
• http://www.quantumleap.it/a10-networks-remote-buffer-overflow-softax
• http://www.securityfocus.com/bid/66588
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer