Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-30368

A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517.

Published

2024-06-06T18:15:13.443

Last Modified

2024-11-21T09:11:47.493

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-78
  • Type: Primary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 4.1.4 Yes
Operating System a10networks advanced_core_operating_system 5.1.0 Yes
Operating System a10networks advanced_core_operating_system 5.1.0 Yes
Operating System a10networks advanced_core_operating_system 5.1.0 Yes
Operating System a10networks advanced_core_operating_system 5.1.0 Yes
Operating System a10networks advanced_core_operating_system 5.1.0 Yes
Operating System a10networks advanced_core_operating_system 5.2.0 Yes
Operating System a10networks advanced_core_operating_system 5.2.0 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 5.2.1 Yes
Operating System a10networks advanced_core_operating_system 6.0.0 Yes
Operating System a10networks advanced_core_operating_system 6.0.0 Yes
Operating System a10networks advanced_core_operating_system 6.0.0 Yes
Operating System a10networks advanced_core_operating_system 6.0.0 Yes
Operating System a10networks advanced_core_operating_system 6.0.1 Yes
Operating System a10networks advanced_core_operating_system 6.0.2 Yes
Operating System a10networks advanced_core_operating_system 6.0.2 Yes
Operating System a10networks advanced_core_operating_system 6.0.3 Yes
References