The role of the PSIRT team is to timely receive, assess and assist in handling vulnerabilities regarding A10 Networks’ products.
If you have an urgent matter concerning production systems, contact support.
Security Advisory ID | Published | Updated |
---|---|---|
ACOS/aGalaxy GUI RCE Vulnerability - CVE-2020-24384 | November 9th, 2020 | November 20th, 2020 |
NTP - CVE-2020-11868 | July 27th, 2020 | July 27th, 2020 |
CVE-2019-0140 – Ethernet Controller Firmware | April 24th, 2020 | April 24th, 2020 |
HTTP – Request Smuggling | March 19th, 2020 | March 19th, 2020 |
jQuery - CVE-2012-6708 | March 17th, 2020 | March 17th, 2020 |
SSL - CVE-2019-1551 | March 4th, 2020 | March 5th, 2020 |
SSH – Non-Unique SSH Host Key | November 6th, 2019 | November 6th, 2019 |
GUI/AXAPI – Non-Unique X.509 Certificate/Key | November 6th, 2019 | November 6th, 2019 |
SSL - CVE-2019-1563 | October 18th, 2019 | February 14th, 2020 |
HTTP/2 – Multiple DoS Vulnerabilities | October 18th, 2019 | October 18th, 2019 |
aflex TCL CoDE injection Exposures | September 9th, 2019 | October 2nd, 2019 |
GUI/AXAPI - Vulnerabilities #3 - ACOS 4.x | July 8th, 2019 | October 16th, 2019 |
TCP/IP – SACK Attack Vulnerabilities | June 30th, 2019 | October 11th, 2019 |
ACOS DNS Services and DNS Flag Day | January 30th, 2019 | February 15th, 2019 |
Other CPU Side-Channel Vulnerabilities | December 14th, 2018 | February 18th, 2020 |
Thunder – IPMI/LoM Vulnerabilities | November 27th, 2018 | May 2nd, 2019 |
WAF/SSLI – XML Vulnerabilities | November 27th, 2018 | November 27th, 2018 |
SSH - CVE-2018-15473 | October 11th, 2018 | October 11th, 2019 |
TLS-SSL - CVE-2016-2177 | October 10th, 2018 | November 9th, 2018 |
EX Series - CVE-2017-13704, CVE-2017-14491 | October 9th, 2018 | October 9th, 2018 |
NTP - CVE-2018-7184 | September 12th, 2018 | October 11th, 2019 |
GUI - HSTS MISSING IN REDIRECT FROM GET ROOT | September 12th, 2018 | October 11th, 2019 |
GUI/AXAPI - VULNERABILITIES #2 - ACOS 3.X, 4.X | September 12th, 2018 | October 11th, 2019 |
SYSTEM - VULNERABILITIES #2 - ACOS 3.X, 4.X | September 12th, 2018 | October 11th, 2019 |
SYSTEM - CVE-2017-18017 | August 19th, 2018 | October 11th, 2019 |
TCP/IP - CVE-2018-5390 (SEGMENTSMACK) | August 19th, 2018 | October 11th, 2019 |
TCP/IP - CVE-2018-5391 (FRAGMENTSMACK) | August 19th, 2018 | October 11th, 2019 |
TLS-SSL - CVE-2016-2182 | August 9th, 2018 | August 9th, 2018 |
TLS-SSL - CVE-2018-0739D | August 9th, 2018 | August 9th, 2018 |
TLS-SSL - CVE-2016-6306 | July 30th, 2018 | July 30th, 2018 |
ISAKMP-IKE - VPN DISABLED, UDP PORTS OPEN | July 29th, 2018 | November 9th, 2018 |
TLS-SSL - CVE-2016-6302 | July 29th, 2018 | July 29th, 2018 |
TLS - ROBOT VULNERABILITY FALSE-POSITIVES | July 29th, 2018 | July 29th, 2018 |
TLS-SSL - CVE-2016-2107 | July 22nd, 2018 | October 11th, 2019 |
TLS-SSL - CVE-2018-0732 | July 22nd, 2018 | July 27th, 2018 |
TLS-SSL - CVE-2017-3735 | July 22nd, 2018 | July 22nd, 2018 |
TLS-SSL - CVE-2017-3736/3737/3738 | July 22nd, 2018 | July 22nd, 2018 |
SSH - CVE-2016-0777 | July 22nd, 2018 | July 22nd, 2018 |
THUNDER LOM/IPMI - CVE-2013-4786 | July 22nd, 2018 | July 22nd, 2018 |
MGMT ACLs Can Override MGMT Service Disable Commands | July 19th, 2018 | October 11th, 2019 |
WAF - SQL Injection Attack (SQLIA) Vulnerability | July 18th, 2018 | July 23rd, 2018 |
TLS-SSL - CVE-2017-3732, CVE-2016-7055 | July 18th, 2018 | July 18th, 2018 |
HTTPD - CVE-2017-3169, CVE-2017-7679 | July 16th, 2018 | October 11th, 2019 |
SSH DH MODULUS <= 1024 BITS (LOGJAM) | July 14th, 2018 | October 17th, 2019 |
TLS/SSL - CVE-2016-10213 | July 12th, 2018 | July 12th, 2018 |
AUDIT LOG CLEAR - VULNERABILTY | July 12th, 2018 | October 17th, 2018 |
SPECTRE/MELTDOWN VULNERABILITIES | January 5th, 2018 | October 11th, 2019 |
Virtual Application Patch CVE-2017-9805 | September 15th, 2017 | September 15th, 2017 |
NTP - CVE-2017-6462, CVE-2017-6451, CVE-2016-9042 | August 10th, 2017 | January 25th, 2021 |
GUI - A10HELP XSS VULNERABILITY | August 9th, 2017 | August 9th, 2017 |
ICMP - TIMESTAMP RESPONSE, CVE-1999-0524 | August 8th, 2017 | October 17th, 2019 |
SSH - CVE-2016-3115, CVE-2010-5107 | August 8th, 2017 | October 16th, 2019 |
SSH - SHA2 HMACS, CVE-2008-5161, WEAK MACS | August 8th, 2017 | October 11th, 2019 |
SYSTEM - VULNERABILITIES #1 - ACOS 3.X, 4.X | August 7th, 2017 | October 11th, 2019 |
GUI/AXAPI - VULNERABILITIES #1 - ACOS 3.X, 4.X | August 4th, 2017 | October 16th, 2019 |
TLS/SSL - TLS 1.0 PROTOCOL SUPPORTED, CVE-2011-3389 | August 3rd, 2017 | October 24th, 2019 |
TLS/SSL - 3DES CIPHER SUPPORTED, CVE-2016-2183 | August 2nd, 2017 | October 21st, 2019 |
TLS/SSL - RC4 CIPHERS SUPPORTED, CVE-2013-2566, CVE-2015-2808 | August 1st, 2017 | October 17th, 2019 |
TLS/SSL - DES AND IDEA CIPHERS SUPPORTED | July 31st, 2017 | October 17th, 2019 |
SSH - CVE-2015-5600 | July 28th, 2017 | October 11th, 2019 |
NTP - CVE-2016-7429, CVE-2016-7433 | July 27th, 2017 | October 11th, 2019 |
TLS/SSL - CVE-2016-8610 | July 25th, 2017 | July 25th, 2017 |
TLS/SSL - CVE-2016-6304 | July 24th, 2017 | July 24th, 2017 |
#CVE-2016-2108 | May 11th, 2016 | May 11th, 2016 |
#CVE-2015-7547 | February 18th, 2016 | February 18th, 2016 |
#CVE-2015-7575 | February 17th, 2016 | February 17th, 2016 |
#CVE-2016-0777 and CVE-2016-0778 | January 18th, 2016 | January 18th, 2016 |
#CVE-2015-3195 | December 3rd, 2015 | December 3rd, 2015 |
#CVE-2015-5307 and CVE-2015-8104 | November 10th, 2015 | November 10th, 2015 |
#CVE-2015-7704, -7705, -7871 | October 26th, 2015 | October 26th, 2015 |
#CVE-2015-5621 | September 3rd, 2015 | September 3rd, 2015 |
#CVE-2015-{1788, 1789, 1790, 1791 and 1792} | June 18th, 2015 | June 18th, 2015 |
#CVE-2015-0290, CVE-2015-0291, CVE-2015-0204, CVE-2015-0286, CVE-2015-0292, CVE-2015-0209, CVE-2014-3571, CVE-2015-0206, CVE-2015-0207 | March 8th, 2015 | April 18th, 2018 |
#CVE-2015-0235 | February 2nd, 2015 | February 10th, 2015 |
#CVE-2014-3571, 3569, 3572, 8275, 3570 and #CVE-2015-0204, 0205, 0206 | January 8th, 2015 | January 8th, 2015 |
NTP (#CVE-2014-9293, #CVE-2014-9294, #CVE-2014-9295, #CVE-2014-9296) | December 29th, 2014 | December 29th, 2014 |
#CVE-2014-8730 | December 8th, 2014 | December 8th, 2014 |
Technical Support Advisory: Recommended SSL Templates for PFS (Perfect Forward Secrecy) Ciphers | November 4th, 2014 | November 4th, 2014 |
#CVE-2014-3513 and CVE-2014-3567 | October 15th, 2014 | October 15th, 2014 |
"POODLE" #CVE-2014-3566 | October 14th, 2014 | November 3rd, 2014 |
Shellshock Bash; Multiple #CVEs | October 1st, 2014 | March 13th, 2020 |
A10 Vulnerability to "Shellshock Bash" #CVE-2014-6271 | September 24th, 2014 | February 17th, 2020 |
OpenSSL Security Advisory | June 5th, 2014 | June 5th, 2014 |
ACOS Buffer Overflow Vulnerability Issued by NCCIC/US Cert (CVE-2014-3976) | April 9th, 2014 | June 2nd, 2014 |
A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed) | April 9th, 2014 | April 9th, 2014 |
A10 values submission of vulnerabilities by independent researchers and third parties.
In order to process them in the most expedient way possible, follow these steps:
If you are an A10 customer, please, do not use this method of submission open a support case
-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFx0RIQBCACvlD21KmpBClVXOdT7XuFlbs0KqUFEn3sOKH58zB20UBdz1KyP MXXoXFcU9Dy+EbwNsbZBQBTOF0ONMsLAdMELxczp7tAhh9KinHLYatAwT7fL8cqY izuZKOI2Bidhvno7hzcipyHIOkY2cT5+TxRtxtDKO6dMQVkvAZp9MfOEVDQzwsI7 bbQVSKTZpIAZ5EogpbfHuDh9o5/YV/zt590UFlc6L/N2yIuH1meUQ/mGMVXB2SMK 7vmZPxmHYK0So3a7UbUX0/kL7JDoeP1GmZkqTXxCClHhY6jaNccvUmOfRFN/0aKB yY+RAzD0VQdY5xC5LY6E2MfGHcK8uB5XfH5pABEBAAG0KFBTSVJULVBHS2V5LTIw MTkgPHBzaXJ0QGExMG5ldHdvcmtzLmNvbT6JAVQEEwEIAD4WIQRL0v+vF+dfeRUe PvX/AS41m6MCpAUCXHREhAIbAwUJBeLZLAULCQgHAgYVCgkICwIEFgIDAQIeAQIX gAAKCRD/AS41m6MCpBy4B/wKcaQHo/ARJlcdLmWo3wk/spcEJ7k5hxMM7P7cusEl 4wXCkf5HCH3esuKOQRxjocYkvU6ktWQyPdkHqBJvuZNT4Y+kWWv8FOFZ+ZnoO1Mg DdvP0S7Spo7uUa1ilWgzbZy34lKumX2h5abS3pX7KfhFf3qmY/SRwywpddkembPN KKv9FviBpLf6sk0Bpdk4kBJ/0puVBSNoJJFCMk8alf51pRGY3mQXm6AjAYlk/Pms rXalBCTCCatd7nzaIgutrbW4fQ501IAMKntOSU83pAccPqsYWO+pXoT7asKP7PGf +tjgIeXvPHYJu/PqjxawU58zEg3TAYVBBI6bIf/+Gdp4uQENBFx0RIQBCACxmqUw RLYcI+kOGN8NTfd3QQl2slSulcGQOt7xkCazEy8pj0OysW4iJAAcH4VekhXpV5yR JEg4F80F2DmDv8z8r2Oo7WNptidnXT4MLFQCzM2qEmElN4/gq6RdXk/d4Hb40Bbw ZTJzf0RWkSX1HGtieDwWT2AfAK1HHIcQuIjZlhR/4xRvHI3nELPgf83RzuxWbcP7 0zteXtncspMdqLpcnCvVnrbu3zH12EvOmkAfTzHjHD98oB9iWNN5ND6bF2VvCdK0 5YKrX/WY2Zbxkul2ygK1vhHAasl+X9DHwR3wT2SXVu6klhzUKwvdC/SHnPFQKf2A dVWhbPwH8zqAx4aXABEBAAGJATwEGAEIACYWIQRL0v+vF+dfeRUePvX/AS41m6MC pAUCXHREhAIbDAUJBeLZLAAKCRD/AS41m6MCpOthB/9o8MpgWj69g/2hiFSvR5Iu wYzqP46+4RiCBmqvSSvR5E7s/pJvY2KLo/ApAShT+wTdLILkqQcGMe1wKbBiwBGF 7wGrZvFwh8P3ouK3ORiaCHLVY/x9i5M6ZegcTJWoieNmBklavsuTLpYD6YJQuFTd JrNec2tS6MNc5yYpE2bJQoE+2y6yrGuI2T/xUT65IJhEGLqCjc+cc2h768V1LI3O He7JBX4zyXs5dfwt5PEH0H1o7RffWPRqk+exfcgLUDGp8WJBSN5V561GE12dHf5r HCoRDRUn/Zifi0MqP90BfjikbZzD7PYYQlxRLbBzqqkJmPhVzmMQjNHzHOVy1y0j =MYIG -----END PGP PUBLIC KEY BLOCK-----