• Public Support Content
    No Registration Required
  • Customer Content
    Registration Required
    • Download Trial
    HTML/CSS 

    Our team is here to help

    The role of the PSIRT team is to timely receive, assess and assist in handling vulnerabilities regarding A10 Networks’ products.

    HTML/CSS 
    for A10 customers

    If you have an urgent matter concerning production systems, contact support.

    Contact Support

    Security Advisories

    Security Advisory ID Publishedsort ascending Updated
    aflex TCL CoDE injection Exposures September 09, 2019 October 02, 2019
    GUI/AXAPI - Vulnerabilities #3 - ACOS 4.x July 08, 2019 October 16, 2019
    TCP/IP – SACK Attack Vulnerabilities June 30, 2019 October 11, 2019
    ACOS DNS Services and DNS Flag Day January 30, 2019 February 15, 2019
    Other CPU Side-Channel Vulnerabilities December 14, 2018 October 11, 2019
    WAF/SSLI – XML Vulnerabilities November 27, 2018 November 27, 2018
    Thunder – IPMI/LoM Vulnerabilities November 27, 2018 May 02, 2019
    SSH - CVE-2018-15473 October 11, 2018 October 11, 2019
    TLS-SSL - CVE-2016-2177 October 10, 2018 November 09, 2018
    EX Series - CVE-2017-13704, CVE-2017-14491 October 09, 2018 October 09, 2018
    NTP - CVE-2018-7184 September 12, 2018 October 11, 2019
    GUI - HSTS MISSING IN REDIRECT FROM GET ROOT September 12, 2018 October 11, 2019
    GUI/AXAPI - VULNERABILITIES #2 - ACOS 3.X, 4.X September 12, 2018 October 11, 2019
    SYSTEM - VULNERABILITIES #2 - ACOS 3.X, 4.X September 12, 2018 October 11, 2019
    SYSTEM - CVE-2017-18017 August 19, 2018 October 11, 2019
    TCP/IP - CVE-2018-5390 (SEGMENTSMACK) August 19, 2018 October 11, 2019
    TCP/IP - CVE-2018-5391 (FRAGMENTSMACK) August 19, 2018 October 11, 2019
    TLS-SSL - CVE-2016-2182 August 09, 2018 August 09, 2018
    TLS-SSL - CVE-2018-0739D August 09, 2018 August 09, 2018
    TLS-SSL - CVE-2016-6306 July 30, 2018 July 30, 2018
    TLS-SSL - CVE-2016-6302 July 29, 2018 July 29, 2018
    TLS - ROBOT VULNERABILITY FALSE-POSITIVES July 29, 2018 July 29, 2018
    ISAKMP-IKE - VPN DISABLED, UDP PORTS OPEN July 29, 2018 November 09, 2018
    TLS-SSL - CVE-2018-0732 July 22, 2018 July 27, 2018
    TLS-SSL - CVE-2017-3735 July 22, 2018 July 22, 2018
    TLS-SSL - CVE-2017-3736/3737/3738 July 22, 2018 July 22, 2018
    SSH - CVE-2016-0777 July 22, 2018 July 22, 2018
    TLS-SSL - CVE-2016-2107 July 22, 2018 October 11, 2019
    THUNDER LOM/IPMI - CVE-2013-4786 July 22, 2018 July 22, 2018
    MGMT ACLs Can Override MGMT Service Disable Commands July 19, 2018 October 11, 2019
    TLS-SSL - CVE-2017-3732, CVE-2016-7055 July 18, 2018 July 18, 2018
    WAF - SQL Injection Attack (SQLIA) Vulnerability July 18, 2018 July 23, 2018
    HTTPD - CVE-2017-3169, CVE-2017-7679 July 16, 2018 October 11, 2019
    SSH DH MODULUS <= 1024 BITS (LOGJAM) July 14, 2018 October 17, 2019
    TLS/SSL - CVE-2016-10213 July 12, 2018 July 12, 2018
    AUDIT LOG CLEAR - VULNERABILTY July 12, 2018 October 17, 2018
    SPECTRE/MELTDOWN VULNERABILITIES January 05, 2018 October 11, 2019
    Virtual Application Patch CVE-2017-9805 September 15, 2017 None
    NTP - CVE-2017-6462, CVE-2017-6451, CVE-2016-9042 August 10, 2017 October 11, 2019
    GUI - A10HELP XSS VULNERABILITY August 09, 2017 None
    ICMP - TIMESTAMP RESPONSE, CVE-1999-0524 August 08, 2017 October 17, 2019
    SSH - CVE-2016-3115, CVE-2010-5107 August 08, 2017 October 16, 2019
    SSH - SHA2 HMACS, CVE-2008-5161, WEAK MACS August 08, 2017 October 11, 2019
    SYSTEM - VULNERABILITIES #1 - ACOS 3.X, 4.X August 07, 2017 October 11, 2019
    GUI/AXAPI - VULNERABILITIES #1 - ACOS 3.X, 4.X August 04, 2017 October 16, 2019
    TLS/SSL - TLS 1.0 PROTOCOL SUPPORTED, CVE-2011-3389 August 03, 2017 October 17, 2019
    TLS/SSL - 3DES CIPHER SUPPORTED, CVE-2016-2183 August 02, 2017 October 17, 2019
    TLS/SSL - RC4 CIPHERS SUPPORTED, CVE-2013-2566, CVE-2015-2808 August 01, 2017 October 17, 2019
    TLS/SSL - DES AND IDEA CIPHERS SUPPORTED July 31, 2017 October 17, 2019
    SSH - CVE-2015-5600 July 28, 2017 October 11, 2019
    NTP - CVE-2016-7429, CVE-2016-7433 July 27, 2017 October 11, 2019
    TLS/SSL - CVE-2016-8610 July 25, 2017 None
    TLS/SSL - CVE-2016-6304 July 24, 2017 None
    #CVE-2016-2108 May 11, 2016 None
    #CVE-2015-7547 February 18, 2016 None
    #CVE-2015-7575 February 17, 2016 None
    #CVE-2016-0777 and CVE-2016-0778 January 18, 2016 None
    #CVE-2015-3195 December 03, 2015 None
    #CVE-2015-5307 and CVE-2015-8104 November 10, 2015 None
    #CVE-2015-7704, -7705, -7871 October 26, 2015 None
    #CVE-2015-5621 September 03, 2015 None
    CVE-2015-1793: OpenSSL Alternative chains certificate forgery July 09, 2015 None
    #CVE-2015-{1788, 1789, 1790, 1791 and 1792} June 18, 2015 None
    #CVE-2015-0290, CVE-2015-0291, CVE-2015-0204, CVE-2015-0286, CVE-2015-0292, CVE-2015-0209, CVE-2014-3571, CVE-2015-0206, CVE-2015-0207 March 08, 2015 April 18, 2018
    #CVE-2015-0235 February 02, 2015 None
    #CVE-2014-3571, 3569, 3572, 8275, 3570 and #CVE-2015-0204, 0205, 0206 January 08, 2015 None
    NTP (#CVE-2014-9293, #CVE-2014-9294, #CVE-2014-9295, #CVE-2014-9296) December 29, 2014 None
    #CVE-2014-8730 December 08, 2014 None
    Technical Support Advisory: Recommended SSL Templates for PFS (Perfect Forward Secrecy) Ciphers November 04, 2014 None
    #CVE-2014-3513 and CVE-2014-3567 October 15, 2014 None
    "POODLE" #CVE-2014-3566 October 14, 2014 November 03, 2014
    Shellshock Bash; Multiple #CVEs October 01, 2014 None
    A10 Vulnerability to "Shellshock Bash" #CVE-2014-6271 September 24, 2014 None
    OpenSSL Security Advisory June 05, 2014 None
    ACOS Buffer Overflow Vulnerability Issued by NCCIC/US Cert (CVE-2014-3976) April 09, 2014 None
    A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed) April 09, 2014 None
    HTML/CSS 

    How to report a product vulnerability

    A10 values submission of vulnerabilities by independent researchers and third parties.

    In order to process them in the most expedient way possible, follow these steps:

    1. Provide as much information as possible upfront and send an email to psirt@a10networks.com. If you feel the need to protect the information you can encrypt the information with our PGP key.
    2. Please ensure the report is as complete as possible and explains the specific setup and how was the vulnerability triggered.
    3. Also, if possible, it would be highly appreciated if you can submit “show tech” from that device or virtual appliance. If not, please provide “show version” or the version information about the software and hardware platform (unless it is a virtual machine).

    Report Vulnerability

    If you are an A10 customer, please, do not use this method of submission open a support case instead.

    HTML/CSS 

    PGP KEY DOWNLOAD

     
-----BEGIN PGP PUBLIC KEY BLOCK-----
 
mQENBFx0RIQBCACvlD21KmpBClVXOdT7XuFlbs0KqUFEn3sOKH58zB20UBdz1KyP
MXXoXFcU9Dy+EbwNsbZBQBTOF0ONMsLAdMELxczp7tAhh9KinHLYatAwT7fL8cqY
izuZKOI2Bidhvno7hzcipyHIOkY2cT5+TxRtxtDKO6dMQVkvAZp9MfOEVDQzwsI7
bbQVSKTZpIAZ5EogpbfHuDh9o5/YV/zt590UFlc6L/N2yIuH1meUQ/mGMVXB2SMK
7vmZPxmHYK0So3a7UbUX0/kL7JDoeP1GmZkqTXxCClHhY6jaNccvUmOfRFN/0aKB
yY+RAzD0VQdY5xC5LY6E2MfGHcK8uB5XfH5pABEBAAG0KFBTSVJULVBHS2V5LTIw
MTkgPHBzaXJ0QGExMG5ldHdvcmtzLmNvbT6JAVQEEwEIAD4WIQRL0v+vF+dfeRUe
PvX/AS41m6MCpAUCXHREhAIbAwUJBeLZLAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRD/AS41m6MCpBy4B/wKcaQHo/ARJlcdLmWo3wk/spcEJ7k5hxMM7P7cusEl
4wXCkf5HCH3esuKOQRxjocYkvU6ktWQyPdkHqBJvuZNT4Y+kWWv8FOFZ+ZnoO1Mg
DdvP0S7Spo7uUa1ilWgzbZy34lKumX2h5abS3pX7KfhFf3qmY/SRwywpddkembPN
KKv9FviBpLf6sk0Bpdk4kBJ/0puVBSNoJJFCMk8alf51pRGY3mQXm6AjAYlk/Pms
rXalBCTCCatd7nzaIgutrbW4fQ501IAMKntOSU83pAccPqsYWO+pXoT7asKP7PGf
+tjgIeXvPHYJu/PqjxawU58zEg3TAYVBBI6bIf/+Gdp4uQENBFx0RIQBCACxmqUw
RLYcI+kOGN8NTfd3QQl2slSulcGQOt7xkCazEy8pj0OysW4iJAAcH4VekhXpV5yR
JEg4F80F2DmDv8z8r2Oo7WNptidnXT4MLFQCzM2qEmElN4/gq6RdXk/d4Hb40Bbw
ZTJzf0RWkSX1HGtieDwWT2AfAK1HHIcQuIjZlhR/4xRvHI3nELPgf83RzuxWbcP7
0zteXtncspMdqLpcnCvVnrbu3zH12EvOmkAfTzHjHD98oB9iWNN5ND6bF2VvCdK0
5YKrX/WY2Zbxkul2ygK1vhHAasl+X9DHwR3wT2SXVu6klhzUKwvdC/SHnPFQKf2A
dVWhbPwH8zqAx4aXABEBAAGJATwEGAEIACYWIQRL0v+vF+dfeRUePvX/AS41m6MC
pAUCXHREhAIbDAUJBeLZLAAKCRD/AS41m6MCpOthB/9o8MpgWj69g/2hiFSvR5Iu
wYzqP46+4RiCBmqvSSvR5E7s/pJvY2KLo/ApAShT+wTdLILkqQcGMe1wKbBiwBGF
7wGrZvFwh8P3ouK3ORiaCHLVY/x9i5M6ZegcTJWoieNmBklavsuTLpYD6YJQuFTd
JrNec2tS6MNc5yYpE2bJQoE+2y6yrGuI2T/xUT65IJhEGLqCjc+cc2h768V1LI3O
He7JBX4zyXs5dfwt5PEH0H1o7RffWPRqk+exfcgLUDGp8WJBSN5V561GE12dHf5r
HCoRDRUn/Zifi0MqP90BfjikbZzD7PYYQlxRLbBzqqkJmPhVzmMQjNHzHOVy1y0j
=MYIG
-----END PGP PUBLIC KEY BLOCK-----