Product Security Incident Response Team (PSIRT)

HTML/CSS

Our team is here to help

The role of the PSIRT team is to timely receive, assess and assist in handling vulnerabilities regarding A10 Networks’ products.

HTML/CSS

for A10 customers

If you have an urgent matter concerning production systems, contact support.

Contact Support

Security Advisories

Security Advisory ID	Published	Updated
GUI/AXAPI – Non-Unique X.509 Certificate/Key	November 06, 2019	November 06, 2019
SSH – Non-Unique SSH Host Key	November 06, 2019	None
HTTP/2 – Multiple DoS Vulnerabilities	October 18, 2019	October 18, 2019
SSL - CVE-2019-1563	October 18, 2019	October 18, 2019
aflex TCL CoDE injection Exposures	September 09, 2019	October 02, 2019
GUI/AXAPI - Vulnerabilities #3 - ACOS 4.x	July 08, 2019	October 16, 2019
TCP/IP – SACK Attack Vulnerabilities	June 30, 2019	October 11, 2019
ACOS DNS Services and DNS Flag Day	January 30, 2019	February 15, 2019
Other CPU Side-Channel Vulnerabilities	December 14, 2018	October 11, 2019
WAF/SSLI – XML Vulnerabilities	November 27, 2018	November 27, 2018
Thunder – IPMI/LoM Vulnerabilities	November 27, 2018	May 02, 2019
SSH - CVE-2018-15473	October 11, 2018	October 11, 2019
TLS-SSL - CVE-2016-2177	October 10, 2018	November 09, 2018
EX Series - CVE-2017-13704, CVE-2017-14491	October 09, 2018	October 09, 2018
NTP - CVE-2018-7184	September 12, 2018	October 11, 2019
GUI - HSTS MISSING IN REDIRECT FROM GET ROOT	September 12, 2018	October 11, 2019
GUI/AXAPI - VULNERABILITIES #2 - ACOS 3.X, 4.X	September 12, 2018	October 11, 2019
SYSTEM - VULNERABILITIES #2 - ACOS 3.X, 4.X	September 12, 2018	October 11, 2019
SYSTEM - CVE-2017-18017	August 19, 2018	October 11, 2019
TCP/IP - CVE-2018-5390 (SEGMENTSMACK)	August 19, 2018	October 11, 2019
TCP/IP - CVE-2018-5391 (FRAGMENTSMACK)	August 19, 2018	October 11, 2019
TLS-SSL - CVE-2018-0739D	August 09, 2018	August 09, 2018
TLS-SSL - CVE-2016-2182	August 09, 2018	August 09, 2018
TLS-SSL - CVE-2016-6306	July 30, 2018	July 30, 2018
TLS-SSL - CVE-2016-6302	July 29, 2018	July 29, 2018
TLS - ROBOT VULNERABILITY FALSE-POSITIVES	July 29, 2018	July 29, 2018
ISAKMP-IKE - VPN DISABLED, UDP PORTS OPEN	July 29, 2018	November 09, 2018
TLS-SSL - CVE-2017-3735	July 22, 2018	July 22, 2018
TLS-SSL - CVE-2017-3736/3737/3738	July 22, 2018	July 22, 2018
SSH - CVE-2016-0777	July 22, 2018	July 22, 2018
TLS-SSL - CVE-2016-2107	July 22, 2018	October 11, 2019
THUNDER LOM/IPMI - CVE-2013-4786	July 22, 2018	July 22, 2018
TLS-SSL - CVE-2018-0732	July 22, 2018	July 27, 2018
MGMT ACLs Can Override MGMT Service Disable Commands	July 19, 2018	October 11, 2019
TLS-SSL - CVE-2017-3732, CVE-2016-7055	July 18, 2018	July 18, 2018
WAF - SQL Injection Attack (SQLIA) Vulnerability	July 18, 2018	July 23, 2018
HTTPD - CVE-2017-3169, CVE-2017-7679	July 16, 2018	October 11, 2019
SSH DH MODULUS <= 1024 BITS (LOGJAM)	July 14, 2018	October 17, 2019
TLS/SSL - CVE-2016-10213	July 12, 2018	July 12, 2018
AUDIT LOG CLEAR - VULNERABILTY	July 12, 2018	October 17, 2018
SPECTRE/MELTDOWN VULNERABILITIES	January 05, 2018	October 11, 2019
Virtual Application Patch CVE-2017-9805	September 15, 2017	None
NTP - CVE-2017-6462, CVE-2017-6451, CVE-2016-9042	August 10, 2017	October 11, 2019
GUI - A10HELP XSS VULNERABILITY	August 09, 2017	None
ICMP - TIMESTAMP RESPONSE, CVE-1999-0524	August 08, 2017	October 17, 2019
SSH - CVE-2016-3115, CVE-2010-5107	August 08, 2017	October 16, 2019
SSH - SHA2 HMACS, CVE-2008-5161, WEAK MACS	August 08, 2017	October 11, 2019
SYSTEM - VULNERABILITIES #1 - ACOS 3.X, 4.X	August 07, 2017	October 11, 2019
GUI/AXAPI - VULNERABILITIES #1 - ACOS 3.X, 4.X	August 04, 2017	October 16, 2019
TLS/SSL - TLS 1.0 PROTOCOL SUPPORTED, CVE-2011-3389	August 03, 2017	October 24, 2019
TLS/SSL - 3DES CIPHER SUPPORTED, CVE-2016-2183	August 02, 2017	October 21, 2019
TLS/SSL - RC4 CIPHERS SUPPORTED, CVE-2013-2566, CVE-2015-2808	August 01, 2017	October 17, 2019
TLS/SSL - DES AND IDEA CIPHERS SUPPORTED	July 31, 2017	October 17, 2019
SSH - CVE-2015-5600	July 28, 2017	October 11, 2019
NTP - CVE-2016-7429, CVE-2016-7433	July 27, 2017	October 11, 2019
TLS/SSL - CVE-2016-8610	July 25, 2017	None
TLS/SSL - CVE-2016-6304	July 24, 2017	None
#CVE-2016-2108	May 11, 2016	None
#CVE-2015-7547	February 18, 2016	None
#CVE-2015-7575	February 17, 2016	None
#CVE-2016-0777 and CVE-2016-0778	January 18, 2016	None
#CVE-2015-3195	December 03, 2015	None
#CVE-2015-5307 and CVE-2015-8104	November 10, 2015	None
#CVE-2015-7704, -7705, -7871	October 26, 2015	None
#CVE-2015-5621	September 03, 2015	None
CVE-2015-1793: OpenSSL Alternative chains certificate forgery	July 09, 2015	None
#CVE-2015-{1788, 1789, 1790, 1791 and 1792}	June 18, 2015	None
#CVE-2015-0290, CVE-2015-0291, CVE-2015-0204, CVE-2015-0286, CVE-2015-0292, CVE-2015-0209, CVE-2014-3571, CVE-2015-0206, CVE-2015-0207	March 08, 2015	April 18, 2018
#CVE-2015-0235	February 02, 2015	None
#CVE-2014-3571, 3569, 3572, 8275, 3570 and #CVE-2015-0204, 0205, 0206	January 08, 2015	None
NTP (#CVE-2014-9293, #CVE-2014-9294, #CVE-2014-9295, #CVE-2014-9296)	December 29, 2014	None
#CVE-2014-8730	December 08, 2014	None
Technical Support Advisory: Recommended SSL Templates for PFS (Perfect Forward Secrecy) Ciphers	November 04, 2014	None
#CVE-2014-3513 and CVE-2014-3567	October 15, 2014	None
"POODLE" #CVE-2014-3566	October 14, 2014	November 03, 2014
Shellshock Bash; Multiple #CVEs	October 01, 2014	None
A10 Vulnerability to "Shellshock Bash" #CVE-2014-6271	September 24, 2014	None
OpenSSL Security Advisory	June 05, 2014	None
ACOS Buffer Overflow Vulnerability Issued by NCCIC/US Cert (CVE-2014-3976)	April 09, 2014	None
A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed)	April 09, 2014	None

HTML/CSS

How to report a product vulnerability

A10 values submission of vulnerabilities by independent researchers and third parties.

In order to process them in the most expedient way possible, follow these steps:

Provide as much information as possible upfront and send an email to psirt@a10networks.com. If you feel the need to protect the information you can encrypt the information with our PGP key.
Please ensure the report is as complete as possible and explains the specific setup and how was the vulnerability triggered.
Also, if possible, it would be highly appreciated if you can submit “show tech” from that device or virtual appliance. If not, please provide “show version” or the version information about the software and hardware platform (unless it is a virtual machine).

Report Vulnerability

If you are an A10 customer, please, do not use this method of submission open a support case instead.

HTML/CSS

PGP KEY DOWNLOAD