CVSS: 9.0EPSS: 6%CPEs: 2EXPL: 0CVE-2024-30368 – A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30368
29 May 2024 — A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30369 – A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30369
29 May 2024 — A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from incorrect permissions on a file. • https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 0CVE-2023-42129 – A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42129
04 Oct 2023 — A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the ShowTechDownloadView class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://support.a10networks.com/support/security_advisory/a10-acos-file-access-vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.7EPSS: 17%CPEs: 1EXPL: 0CVE-2023-42130 – A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2023-42130
04 Oct 2023 — A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileMgmtExport class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://support.a10networks.com/support/security_advisory/a10-acos-file-access-vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •