• |
[sssForm]

Product Security Incident Response Team (PSIRT)

Our team is here to help

The role of the PSIRT team is to timely receive, assess and assist in handling vulnerabilities regarding A10 Networks’ products.

For A10 customers

If you have an urgent matter concerning production systems, contact support.

Contact Support
Security Advisories
RSS
Security Advisory ID Published Updated
GUI/AXAPI – Non-Unique X.509 Certificate/Key November 6th, 2019 November 6th, 2019
SSH – Non-Unique SSH Host Key November 6th, 2019 none
HTTP/2 – Multiple DoS Vulnerabilities October 18th, 2019 October 18th, 2019
SSL - CVE-2019-1563 October 18th, 2019 October 18th, 2019
aflex TCL CoDE injection Exposures September 9th, 2019 October 2nd, 2019
GUI/AXAPI - Vulnerabilities #3 - ACOS 4.x July 8th, 2019 October 16th, 2019
TCP/IP – SACK Attack Vulnerabilities June 30th, 2019 October 11th, 2019
ACOS DNS Services and DNS Flag Day January 30th, 2019 February 15th, 2019
Thunder – IPMI/LoM Vulnerabilities November 27th, 2018 May 2nd, 2019
WAF/SSLI – XML Vulnerabilities November 27th, 2018 November 27th, 2018
SSH - CVE-2018-15473 October 11th, 2018 October 11th, 2019
TLS-SSL - CVE-2016-2177 October 10th, 2018 November 9th, 2018
NTP - CVE-2018-7184 September 12th, 2018 October 11th, 2019
GUI - HSTS MISSING IN REDIRECT FROM GET ROOT September 12th, 2018 October 11th, 2019
GUI/AXAPI - VULNERABILITIES #2 - ACOS 3.X, 4.X September 12th, 2018 October 11th, 2019
SYSTEM - VULNERABILITIES #2 - ACOS 3.X, 4.X September 12th, 2018 October 11th, 2019
SYSTEM - CVE-2017-18017 August 19th, 2018 October 11th, 2019
TCP/IP - CVE-2018-5390 (SEGMENTSMACK) August 19th, 2018 October 11th, 2019
TCP/IP - CVE-2018-5391 (FRAGMENTSMACK) August 19th, 2018 October 11th, 2019
TLS-SSL - CVE-2016-2182 August 9th, 2018 August 9th, 2018
TLS-SSL - CVE-2018-0739D August 9th, 2018 August 9th, 2018
TLS-SSL - CVE-2016-6306 July 30th, 2018 July 30th, 2018
ISAKMP-IKE - VPN DISABLED, UDP PORTS OPEN July 29th, 2018 November 9th, 2018
TLS-SSL - CVE-2016-6302 July 29th, 2018 July 29th, 2018
TLS - ROBOT VULNERABILITY FALSE-POSITIVES July 29th, 2018 July 29th, 2018
TLS-SSL - CVE-2016-2107 July 22nd, 2018 October 11th, 2019
TLS-SSL - CVE-2018-0732 July 22nd, 2018 July 27th, 2018
TLS-SSL - CVE-2017-3735 July 22nd, 2018 July 22nd, 2018
TLS-SSL - CVE-2017-3736/3737/3738 July 22nd, 2018 July 22nd, 2018
SSH - CVE-2016-0777 July 22nd, 2018 July 22nd, 2018
THUNDER LOM/IPMI - CVE-2013-4786 July 22nd, 2018 July 22nd, 2018
MGMT ACLs Can Override MGMT Service Disable Commands July 19th, 2018 October 11th, 2019
WAF - SQL Injection Attack (SQLIA) Vulnerability July 18th, 2018 July 23rd, 2018
TLS-SSL - CVE-2017-3732, CVE-2016-7055 July 18th, 2018 July 18th, 2018
HTTPD - CVE-2017-3169, CVE-2017-7679 July 16th, 2018 October 11th, 2019
SSH DH MODULUS <= 1024 BITS (LOGJAM) July 14th, 2018 October 17th, 2019
AUDIT LOG CLEAR - VULNERABILTY July 12th, 2018 October 17th, 2018
Virtual Application Patch CVE-2017-9805 September 15th, 2017 none
NTP - CVE-2017-6462, CVE-2017-6451, CVE-2016-9042 August 10th, 2017 October 11th, 2019
GUI - A10HELP XSS VULNERABILITY August 9th, 2017 none
ICMP - TIMESTAMP RESPONSE, CVE-1999-0524 August 8th, 2017 October 17th, 2019
SSH - CVE-2016-3115, CVE-2010-5107 August 8th, 2017 October 16th, 2019
SSH - SHA2 HMACS, CVE-2008-5161, WEAK MACS August 8th, 2017 October 11th, 2019
SYSTEM - VULNERABILITIES #1 - ACOS 3.X, 4.X August 7th, 2017 October 11th, 2019
GUI/AXAPI - VULNERABILITIES #1 - ACOS 3.X, 4.X August 4th, 2017 October 16th, 2019
TLS/SSL - TLS 1.0 PROTOCOL SUPPORTED, CVE-2011-3389 August 3rd, 2017 October 24th, 2019
TLS/SSL - 3DES CIPHER SUPPORTED, CVE-2016-2183 August 2nd, 2017 October 21st, 2019
TLS/SSL - RC4 CIPHERS SUPPORTED, CVE-2013-2566, CVE-2015-2808 August 1st, 2017 October 17th, 2019
TLS/SSL - DES AND IDEA CIPHERS SUPPORTED July 31st, 2017 October 17th, 2019
SSH - CVE-2015-5600 July 28th, 2017 October 11th, 2019
NTP - CVE-2016-7429, CVE-2016-7433 July 27th, 2017 October 11th, 2019
TLS/SSL - CVE-2016-8610 July 25th, 2017 none
TLS/SSL - CVE-2016-6304 July 24th, 2017 none
#CVE-2016-2108 May 11th, 2016 none
#CVE-2015-7547 February 18th, 2016 none
#CVE-2015-7575 February 17th, 2016 none
#CVE-2016-0777 and CVE-2016-0778 January 18th, 2016 none
#CVE-2015-3195 December 3rd, 2015 none
#CVE-2015-5307 and CVE-2015-8104 November 10th, 2015 none
#CVE-2015-7704, -7705, -7871 October 26th, 2015 none
#CVE-2015-5621 September 3rd, 2015 none
CVE-2015-1793: OpenSSL Alternative chains certificate forgery July 9th, 2015 none
#CVE-2015-{1788, 1789, 1790, 1791 and 1792} June 18th, 2015 none
#CVE-2015-0290, CVE-2015-0291, CVE-2015-0204, CVE-2015-0286, CVE-2015-0292, CVE-2015-0209, CVE-2014-3571, CVE-2015-0206, CVE-2015-0207 March 8th, 2015 April 18th, 2018
#CVE-2015-0235 February 2nd, 2015 none
#CVE-2014-3571, 3569, 3572, 8275, 3570 and #CVE-2015-0204, 0205, 0206 January 8th, 2015 none
NTP (#CVE-2014-9293, #CVE-2014-9294, #CVE-2014-9295, #CVE-2014-9296) December 29th, 2014 none
#CVE-2014-8730 December 8th, 2014 none
Technical Support Advisory: Recommended SSL Templates for PFS (Perfect Forward Secrecy) Ciphers November 4th, 2014 none
#CVE-2014-3513 and CVE-2014-3567 October 15th, 2014 none
"POODLE" #CVE-2014-3566 October 14th, 2014 November 3rd, 2014
Shellshock Bash; Multiple #CVEs October 1st, 2014 none
A10 Vulnerability to "Shellshock Bash" #CVE-2014-6271 September 24th, 2014 none
OpenSSL Security Advisory June 5th, 2014 none
ACOS Buffer Overflow Vulnerability Issued by NCCIC/US Cert (CVE-2014-3976) April 9th, 2014 none
A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed) April 9th, 2014 none
Other CPU Side-Channel Vulnerabilities August 22nd, 1970 August 22nd, 1970
EX Series - CVE-2017-13704, CVE-2017-14491 August 22nd, 1970 August 22nd, 1970
TLS/SSL - CVE-2016-10213 August 22nd, 1970 August 22nd, 1970
SPECTRE/MELTDOWN VULNERABILITIES August 22nd, 1970 August 22nd, 1970

How to report a product vulnerability

A10 values submission of vulnerabilities by independent researchers and third parties.

In order to process them in the most expedient way possible, follow these steps:

  1. Provide as much information as possible upfront and send an email to psirt@a10networks.com. If you feel the need to protect the information you can encrypt the information with our PGP key.
  2. Please ensure the report is as complete as possible and explains the specific setup and how was the vulnerability triggered.
  3. Also, if possible, it would be highly appreciated if you can submit “show tech” from that device or virtual appliance. If not, please provide “show version” or the version information about the software and hardware platform (unless it is a virtual machine).

Report a Vulnerability

If you are an A10 customer, please, do not use this method of submission open a support case

PGP KEY DOWNLOAD

 
-----BEGIN PGP PUBLIC KEY BLOCK-----
 
mQENBFx0RIQBCACvlD21KmpBClVXOdT7XuFlbs0KqUFEn3sOKH58zB20UBdz1KyP
MXXoXFcU9Dy+EbwNsbZBQBTOF0ONMsLAdMELxczp7tAhh9KinHLYatAwT7fL8cqY
izuZKOI2Bidhvno7hzcipyHIOkY2cT5+TxRtxtDKO6dMQVkvAZp9MfOEVDQzwsI7
bbQVSKTZpIAZ5EogpbfHuDh9o5/YV/zt590UFlc6L/N2yIuH1meUQ/mGMVXB2SMK
7vmZPxmHYK0So3a7UbUX0/kL7JDoeP1GmZkqTXxCClHhY6jaNccvUmOfRFN/0aKB
yY+RAzD0VQdY5xC5LY6E2MfGHcK8uB5XfH5pABEBAAG0KFBTSVJULVBHS2V5LTIw
MTkgPHBzaXJ0QGExMG5ldHdvcmtzLmNvbT6JAVQEEwEIAD4WIQRL0v+vF+dfeRUe
PvX/AS41m6MCpAUCXHREhAIbAwUJBeLZLAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRD/AS41m6MCpBy4B/wKcaQHo/ARJlcdLmWo3wk/spcEJ7k5hxMM7P7cusEl
4wXCkf5HCH3esuKOQRxjocYkvU6ktWQyPdkHqBJvuZNT4Y+kWWv8FOFZ+ZnoO1Mg
DdvP0S7Spo7uUa1ilWgzbZy34lKumX2h5abS3pX7KfhFf3qmY/SRwywpddkembPN
KKv9FviBpLf6sk0Bpdk4kBJ/0puVBSNoJJFCMk8alf51pRGY3mQXm6AjAYlk/Pms
rXalBCTCCatd7nzaIgutrbW4fQ501IAMKntOSU83pAccPqsYWO+pXoT7asKP7PGf
+tjgIeXvPHYJu/PqjxawU58zEg3TAYVBBI6bIf/+Gdp4uQENBFx0RIQBCACxmqUw
RLYcI+kOGN8NTfd3QQl2slSulcGQOt7xkCazEy8pj0OysW4iJAAcH4VekhXpV5yR
JEg4F80F2DmDv8z8r2Oo7WNptidnXT4MLFQCzM2qEmElN4/gq6RdXk/d4Hb40Bbw
ZTJzf0RWkSX1HGtieDwWT2AfAK1HHIcQuIjZlhR/4xRvHI3nELPgf83RzuxWbcP7
0zteXtncspMdqLpcnCvVnrbu3zH12EvOmkAfTzHjHD98oB9iWNN5ND6bF2VvCdK0
5YKrX/WY2Zbxkul2ygK1vhHAasl+X9DHwR3wT2SXVu6klhzUKwvdC/SHnPFQKf2A
dVWhbPwH8zqAx4aXABEBAAGJATwEGAEIACYWIQRL0v+vF+dfeRUePvX/AS41m6MC
pAUCXHREhAIbDAUJBeLZLAAKCRD/AS41m6MCpOthB/9o8MpgWj69g/2hiFSvR5Iu
wYzqP46+4RiCBmqvSSvR5E7s/pJvY2KLo/ApAShT+wTdLILkqQcGMe1wKbBiwBGF
7wGrZvFwh8P3ouK3ORiaCHLVY/x9i5M6ZegcTJWoieNmBklavsuTLpYD6YJQuFTd
JrNec2tS6MNc5yYpE2bJQoE+2y6yrGuI2T/xUT65IJhEGLqCjc+cc2h768V1LI3O
He7JBX4zyXs5dfwt5PEH0H1o7RffWPRqk+exfcgLUDGp8WJBSN5V561GE12dHf5r
HCoRDRUn/Zifi0MqP90BfjikbZzD7PYYQlxRLbBzqqkJmPhVzmMQjNHzHOVy1y0j
=MYIG
-----END PGP PUBLIC KEY BLOCK-----