
Security Advisories

Product Security Incident Response Team (PSIRT)

The role of the PSIRT is to receive, assess, and assist in handling vulnerabilities in A10 Networks’ products in a timely manner.

How to Submit a Report

Urgent Support for A10 Customers

If you have an urgent matter concerning production systems, contact support.

Contact Support
Security Advisories

| Security Advisory ID | Published | Updated |
|---|---|---|
| CVE-2024-30368, CVE-2024-30369 – A10 ACOS Command Injection Remote Code Execution and Privilege Escalation | May 28, 2024 | May 28, 2024 |
| CVE-2022-36382 – Ethernet Controller Firmware (TH-3350) | March 26, 2024 | May 23, 2024 |
| HTTP/2 RAPID RESET - CVE-2023-44487 | October 18, 2023 | October 18, 2023 |
| ACOS GUI Vulnerability - A10-2023-0006 | September 12, 2023 | September 12, 2023 |
| TLS-SSL - CVE-2022-4450 | April 28, 2023 | April 28, 2023 |
| TLS-SSL - CVE-2023-0215 | April 28, 2023 | April 28, 2023 |
| TLS-SSL - CVE-2022-4304 | April 28, 2023 | April 28, 2023 |
| TLS-SSL - CVE-2023-0286 | April 28, 2023 | April 28, 2023 |
| NET-SNMP - VULNERABILITIES | November 8, 2022 | November 8, 2022 |
| TLS-SSL - CVE-2022-3786, CVE-2022-3602 | November 2, 2022 | November 2, 2022 |
| STRONGSWAN - CVE-2021-41991, CVE-2021-45079 | October 31, 2022 | October 31, 2022 |
| OPENSSH SCP – MITM ATTACKS | October 31, 2022 | October 31, 2022 |
| OPENSSH SCP – CVE-2020-15778 | October 31, 2022 | October 31, 2022 |
| DPDK - CVE-2022-28199 | October 3, 2022 | October 3, 2022 |
| EXPAT - 2022 CVES - GROUP 1 | August 26, 2022 | September 29, 2022 |
| HTTPD - CVE-2022-28614, CVE-2021-34798 | July 26, 2022 | July 26, 2022 |
| HTTPD - CVE-2022-22720 | May 12, 2022 | July 26, 2022 |
| ZLIB - CVE-2018-25032 | May 12, 2022 | May 26, 2022 |
| SSL - CVE-2022-0778 | April 8, 2022 | May 11, 2022 |
| LOG4J - CVE-2021-4104 | January 7, 2022 | January 7, 2022 |
| LOG4J - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 | December 14, 2021 | January 31, 2022 |
| OPENSSL – CVE-2021-3711 | September 24, 2021 | September 24, 2021 |
| OPENSSL – CVE-2021-3712 | September 24, 2021 | September 24, 2021 |
| OPENSSL – CVE-2021-23840 | April 30, 2021 | April 30, 2021 |
| OPENSSL - CVE-2021-3449 | April 23, 2021 | April 23, 2021 |
| OPENSSL – CVE-2020-1971 | January 22, 2021 | January 22, 2021 |
| ACOS/aGalaxy GUI RCE Vulnerability - CVE-2020-24384 | November 9, 2020 | November 20, 2020 |
| NTP - CVE-2020-11868 | July 27, 2020 | August 16, 2021 |
| NTP - CVE-2020-13817 | July 27, 2020 | August 16, 2021 |
| RSYSLOG - CVE-2019-17041 | May 8, 2020 | May 8, 2020 |
| CVE-2019-0140 – Ethernet Controller Firmware | April 24, 2020 | April 24, 2020 |
| HTTP – REQUEST SMUGGLING | March 19, 2020 | May 12, 2022 |
| jQuery - CVE-2012-6708 | March 17, 2020 | March 17, 2020 |
| SSL - CVE-2019-1551 | March 4, 2020 | October 15, 2021 |
| GUI/AXAPI – Non-Unique X.509 Certificate/Key | November 6, 2019 | November 6, 2019 |
| SSH – Non-Unique SSH Host Key | November 6, 2019 | November 6, 2019 |
| SSL - CVE-2019-1563 | October 18, 2019 | February 14, 2020 |
| HTTP/2 – Multiple DoS Vulnerabilities | October 18, 2019 | October 18, 2019 |
| aFleX TCL Code Injection Exposures | September 9, 2019 | October 2, 2019 |
| GUI/AXAPI - Vulnerabilities #3 - ACOS 4.x | July 8, 2019 | October 16, 2019 |
| TCP/IP – SACK Attack Vulnerabilities | June 30, 2019 | October 11, 2019 |
| ACOS DNS Services and DNS Flag Day | January 30, 2019 | February 15, 2019 |
| Other CPU Side-Channel Vulnerabilities | December 14, 2018 | June 20, 2022 |
| Thunder – IPMI/LoM Vulnerabilities | November 27, 2018 | May 2, 2019 |
| WAF/SSLI – XML Vulnerabilities | November 27, 2018 | November 27, 2018 |
| SSH - CVE-2018-15473 | October 11, 2018 | July 23, 2021 |
| TLS-SSL - CVE-2016-2177 | October 10, 2018 | November 9, 2018 |
| EX Series - CVE-2017-13704, CVE-2017-14491 | October 9, 2018 | October 9, 2018 |
| NTP - CVE-2018-7184 | September 12, 2018 | October 11, 2019 |
| GUI - HSTS MISSING IN REDIRECT FROM GET ROOT | September 12, 2018 | October 11, 2019 |
| GUI/AXAPI - VULNERABILITIES #2 - ACOS 3.X, 4.X | September 12, 2018 | October 11, 2019 |
| SYSTEM - VULNERABILITIES #2 - ACOS 3.X, 4.X | September 12, 2018 | October 11, 2019 |
| SYSTEM - CVE-2017-18017 | August 19, 2018 | October 11, 2019 |
| TCP/IP - CVE-2018-5390 (SEGMENTSMACK) | August 19, 2018 | October 11, 2019 |
| TCP/IP - CVE-2018-5391 (FRAGMENTSMACK) | August 19, 2018 | October 11, 2019 |
| TLS-SSL - CVE-2016-2182 | August 9, 2018 | August 9, 2018 |
| TLS-SSL - CVE-2018-0739D | August 9, 2018 | August 9, 2018 |
| TLS-SSL - CVE-2016-6306 | July 30, 2018 | July 30, 2018 |
| ISAKMP-IKE - VPN DISABLED, UDP PORTS OPEN | July 29, 2018 | November 9, 2018 |
| TLS-SSL - CVE-2016-6302 | July 29, 2018 | July 29, 2018 |
| TLS - ROBOT VULNERABILITY FALSE-POSITIVES | July 29, 2018 | July 29, 2018 |
| TLS-SSL - CVE-2016-2107 | July 22, 2018 | October 11, 2019 |
| TLS-SSL - CVE-2018-0732 | July 22, 2018 | July 27, 2018 |
| TLS-SSL - CVE-2017-3735 | July 22, 2018 | July 22, 2018 |
| TLS-SSL - CVE-2017-3736/3737/3738 | July 22, 2018 | July 22, 2018 |
| SSH - CVE-2016-0777 | July 22, 2018 | July 22, 2018 |
| THUNDER LOM/IPMI - CVE-2013-4786 | July 22, 2018 | July 22, 2018 |
| MGMT ACLs Can Override MGMT Service Disable Commands | July 19, 2018 | October 11, 2019 |
| WAF - SQL Injection Attack (SQLIA) Vulnerability | July 18, 2018 | July 23, 2018 |
| TLS-SSL - CVE-2017-3732, CVE-2016-7055 | July 18, 2018 | July 18, 2018 |
| HTTPD - CVE-2017-3169, CVE-2017-7679 | July 16, 2018 | October 11, 2019 |
| SSH DH MODULUS <= 1024 BITS (LOGJAM) | July 14, 2018 | October 17, 2019 |
| AUDIT LOG CLEAR - VULNERABILITY | July 12, 2018 | October 17, 2018 |
| TLS/SSL - CVE-2016-10213 | July 12, 2018 | July 12, 2018 |
| SPECTRE/MELTDOWN VULNERABILITIES | January 5, 2018 | October 11, 2019 |
| Virtual Application Patch CVE-2017-9805 | September 15, 2017 | September 15, 2017 |
| NTP - CVE-2017-6462, CVE-2017-6451, CVE-2016-9042 | August 10, 2017 | January 25, 2021 |
| GUI - A10HELP XSS VULNERABILITY | August 9, 2017 | August 9, 2017 |
| ICMP - TIMESTAMP RESPONSE, CVE-1999-0524 | August 8, 2017 | October 17, 2019 |
| SSH - CVE-2016-3115, CVE-2010-5107 | August 8, 2017 | October 16, 2019 |
| SSH - SHA2 HMACS, CVE-2008-5161, WEAK MACS | August 8, 2017 | October 11, 2019 |
| SYSTEM - VULNERABILITIES #1 - ACOS 3.X, 4.X | August 7, 2017 | October 11, 2019 |
| GUI/AXAPI - VULNERABILITIES #1 - ACOS 3.X, 4.X | August 4, 2017 | October 16, 2019 |
| TLS/SSL - TLS 1.0 PROTOCOL SUPPORTED, CVE-2011-3389 | August 3, 2017 | October 24, 2019 |
| TLS/SSL - 3DES CIPHER SUPPORTED, CVE-2016-2183 | August 2, 2017 | October 21, 2019 |
| TLS/SSL - RC4 CIPHERS SUPPORTED, CVE-2013-2566, CVE-2015-2808 | August 1, 2017 | October 17, 2019 |
| TLS/SSL - DES AND IDEA CIPHERS SUPPORTED | July 31, 2017 | October 17, 2019 |
| SSH - CVE-2015-5600 | July 28, 2017 | October 11, 2019 |
| NTP - CVE-2016-7429, CVE-2016-7433 | July 27, 2017 | October 11, 2019 |
| TLS/SSL - CVE-2016-8610 | July 25, 2017 | July 25, 2017 |
| TLS/SSL - CVE-2016-6304 | July 24, 2017 | July 24, 2017 |
| #CVE-2016-2108 | May 11, 2016 | May 11, 2016 |
| #CVE-2015-7547 | February 18, 2016 | February 18, 2016 |
| #CVE-2015-7575 | February 17, 2016 | February 17, 2016 |
| #CVE-2016-0777 and CVE-2016-0778 | January 18, 2016 | January 18, 2016 |
| #CVE-2015-3195 | December 3, 2015 | December 3, 2015 |
| #CVE-2015-5307 and CVE-2015-8104 | November 10, 2015 | November 10, 2015 |
| #CVE-2015-7704, -7705, -7871 | October 26, 2015 | October 26, 2015 |
| #CVE-2015-5621 | September 3, 2015 | September 3, 2015 |
| #CVE-2015-{1788, 1789, 1790, 1791 and 1792} | June 18, 2015 | June 18, 2015 |
| #CVE-2015-0290, CVE-2015-0291, CVE-2015-0204, CVE-2015-0286, CVE-2015-0292, CVE-2015-0209, CVE-2014-3571, CVE-2015-0206, CVE-2015-0207 | March 8, 2015 | April 18, 2018 |
| #CVE-2015-0235 | February 2, 2015 | February 10, 2015 |
| #CVE-2014-3571, 3569, 3572, 8275, 3570 and #CVE-2015-0204, 0205, 0206 | January 8, 2015 | January 8, 2015 |
| NTP (#CVE-2014-9293, #CVE-2014-9294, #CVE-2014-9295, #CVE-2014-9296) | December 29, 2014 | December 29, 2014 |
| #CVE-2014-8730 | December 8, 2014 | December 8, 2014 |
| Technical Support Advisory: Recommended SSL Templates for PFS (Perfect Forward Secrecy) Ciphers | November 4, 2014 | November 4, 2014 |
| #CVE-2014-3513 and CVE-2014-3567 | October 15, 2014 | October 15, 2014 |
| "POODLE" #CVE-2014-3566 | October 14, 2014 | November 3, 2014 |
| Shellshock Bash; Multiple #CVEs | October 1, 2014 | March 13, 2020 |
| A10 Vulnerability to "Shellshock Bash" #CVE-2014-6271 | September 24, 2014 | February 17, 2020 |
| OpenSSL Security Advisory | June 5, 2014 | June 5, 2014 |
| ACOS Buffer Overflow Vulnerability Issued by NCCIC/US Cert (CVE-2014-3976) | April 9, 2014 | June 2, 2014 |
| A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed) | April 9, 2014 | April 9, 2014 |

How to Report a Product Vulnerability

A10 values the submission of vulnerability reports by independent researchers and third parties.

To have a report processed as quickly as possible, follow these steps:

  1. Provide as much information as possible upfront and send an email to psirt@a10networks.com.

    NOTE: If you feel the need to protect the information, you can encrypt it with our public PGP key. The A10 PSIRT public PGP key is available here: Download link.

  2. Please ensure the report is as complete as possible and explains the specific setup and how the vulnerability was triggered.

  3. Also, if possible, it would be highly appreciated if you could submit the “show tech” output from that device or virtual appliance. If not, please provide the “show version” output or the version information about the software and hardware platform (unless it is a virtual machine).

Report a Vulnerability


If you are an A10 customer, please do not use this method of submission. Open a support case here.