CVE-2024-30368

Published Jun 6, 2024

Last updated 2 months ago

CVSS high 8.8

Overview

Description: A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517.
Source: zdi-disclosures@trendmicro.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-77
zdi-disclosures@trendmicro.com: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9631578F-ECEA-4215-B00E-79E89E191A09"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B958B188-D5AF-44C9-9BCC-2CCA005B98A4"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0883D4AC-8C5B-458A-876F-CF570EEB0146"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DFFBBF2-E1FC-4B42-A1CD-B3FB67906D4D"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC015A07-1951-46AB-8466-27BA76060E3C"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF8058B1-CA56-4DAD-9655-7EF7B16430B7"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DBCE7ED-3E64-4976-915C-5BA16C2DACDF"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAF71588-C4F2-48F5-8D0C-D5B5E073D435"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54E848B1-5691-4724-BD9F-0734ED3203DE"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDAFED8E-268B-417B-ACB0-DD13B0B4F98E"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40FDFFC6-6CA9-4A9B-9B5F-8060A17F3B61"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFE9F160-FEEE-4541-AED2-2596E66B3232"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FA649CA-A839-4226-86D5-054A4866E0A1"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20693C67-0BA2-492D-BEF5-D030ADE01BD4"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6245D321-25B0-4A6B-9B3F-77B7FE36FCA3"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F993C993-D118-45A3-9F95-382B54E25439"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A07BA640-B5C1-43AF-8AF9-949A46CB01B0"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C51A689A-8334-4997-ADB9-3420B40D4366"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B414EAFE-FB76-4B64-8781-E2653A38D9F2"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "912D9FD6-D52E-42FA-9CF3-D84955E9907D"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3A46FE8-F0F5-4E28-A161-53F38FABD96B"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED63FC6B-4925-47BE-A41D-9DD3C45A2393"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D0CA74D-733A-4F6B-A524-A55E1FBEE390"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "295BC404-0D55-4CCD-B560-F09660A1EBA5"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC60D936-4B5A-4CB1-B026-5E53A9CBA9A0"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17DC4C4E-CEE1-436A-B72F-91CE78465004"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0FFF9D4-4301-45E8-B3F2-585322FA5EF1"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "855FA85C-0BAE-404A-B23B-2A4B0044304B"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96DEFC5B-F240-4614-881C-B0D0C5B61D24"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C458DFE-C29E-4B23-8190-056DC60961CB"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BF8645F-FAEF-4B80-879E-9E5BB90194C0"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA988842-7A35-4FDE-8A49-3886317DD562"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9E299E7-5509-4A39-99DA-5E25751C7598"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC39BD39-6DE5-44F7-9EB3-7CE6A3C3788A"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3894037-A372-4333-8F67-1FE3C051F4FD"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF4A10A8-6188-4A78-B9D8-81860AE5DE87"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA78B990-1FAF-44C6-B3D9-0D8B5BD43E66"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D97ECCE-3444-4C6B-A762-DFEFC258B7E3"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2-sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DC9B659-3801-451A-9F91-BB24B4B9DA4C"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0563C77A-38A5-4A57-A861-C343F04A0246"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0E9CC13-3322-4125-BC9B-3BDE06CAEE34"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B44E3F7E-6960-4C1A-B741-039382EAA335"
          },
          {
            "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED618378-2172-4835-AF85-3C9327EC36EF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

Weaknesses

Social media

Configurations

References