CVE-2020-24384

Published Nov 10, 2020

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:a10networks:agalaxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5500256E-D48A-458D-ACCD-04CFFF02E865",
            "versionEndIncluding": "3.2.4",
            "versionStartIncluding": "3.2.1"
          },
          {
            "criteria": "cpe:2.3:a:a10networks:agalaxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43397743-A284-41A8-972D-61BB362C4DA3",
            "versionEndExcluding": "5.0.5",
            "versionStartIncluding": "5.0.1"
          },
          {
            "criteria": "cpe:2.3:a:a10networks:agalaxy:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE9B56DC-D45A-416E-AAC0-09B2D9D2CE93"
          },
          {
            "criteria": "cpe:2.3:a:a10networks:agalaxy:3.0.4:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34AD3D63-8524-422A-8CE4-392DE6F74104"
          },
          {
            "criteria": "cpe:2.3:a:a10networks:agalaxy:5.0.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC41B226-C249-4677-89CB-3787BD8F3B52"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6514C456-8CA5-4939-A80C-6A3081CC64F0"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28642F62-91FB-4F92-A4D1-53985F26FC75"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07E749B1-1A78-47B8-9BD4-0B5B6D95DBCE"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.3:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F305ADC-1134-4803-96FB-57C14822AF6B"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41F51E66-E577-424F-B74B-F306D49A802B"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.4:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EC8374A-A278-4263-80F3-746A887FBE82"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ACFE471-EF10-4157-9236-13D6FEE298F7"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.5:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A22D257-3230-40BB-B50A-DD96EC5966AB"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.0.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20BA3258-B0A2-4A89-800B-2A9F4AC05761"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.0.1:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5DEA310-5EDE-4212-9D16-3067666A16FB"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18D0BE5E-B432-4F69-B6E9-EFF68AB04E86"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:p13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F4DC16D-4484-4C81-8F6C-288BD87A2073"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00FBA24A-2494-4C8C-A55F-5B215C4C18F7"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:p13:sp1:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "778A9624-7995-44E8-926C-82A3601DAD24"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD6BD1B0-D2A9-464E-945F-DEB1A7F944AD"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:p5:sp1:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "181C5A1C-19B7-4C19-AAFC-B417EA1C8CF9"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9631578F-ECEA-4215-B00E-79E89E191A09"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:sp1:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFAA40FD-6A6C-45A7-81DE-2824FC972FBF"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.100:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC830D1C-11B9-4E2F-BB61-532D731E74F1"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.100:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39207A9E-8C7A-477C-A6EA-CCB68FF0F8E2"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B414EAFE-FB76-4B64-8781-E2653A38D9F2"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "912D9FD6-D52E-42FA-9CF3-D84955E9907D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References