Security Advisories - A10 Support

Security Advisory ID	Published	Updated
HTTPD - CVE-2022-22720	May 12, 2022	July 26, 2022
ZLIB - CVE-2018-25032	May 12, 2022	May 26, 2022
SSL - CVE-2022-0778	April 8, 2022	May 11, 2022
LOG4J - CVE-2021-4104	January 7, 2022	January 7, 2022
LOG4J - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105	December 14, 2021	January 31, 2022
ACOS/aGalaxy GUI RCE Vulnerability - CVE-2020-24384	November 9, 2020	November 20, 2020
NTP - CVE-2020-11868	July 27, 2020	August 16, 2021
CVE-2019-0140 – Ethernet Controller Firmware	April 24, 2020	April 24, 2020
HTTP – REQUEST SMUGGLING	March 19, 2020	May 12, 2022
jQuery - CVE-2012-6708	March 17, 2020	March 17, 2020
SSL - CVE-2019-1551	March 4, 2020	August 16, 2021
GUI/AXAPI – Non-Unique X.509 Certificate/Key	November 6, 2019	November 6, 2019
SSH – Non-Unique SSH Host Key	November 6, 2019	November 6, 2019
SSL - CVE-2019-1563	October 18, 2019	February 14, 2020
HTTP/2 – Multiple DoS Vulnerabilities	October 18, 2019	October 18, 2019
aflex TCL CoDE injection Exposures	September 9, 2019	October 2, 2019
GUI/AXAPI - Vulnerabilities #3 - ACOS 4.x	July 8, 2019	October 16, 2019
TCP/IP – SACK Attack Vulnerabilities	June 30, 2019	October 11, 2019
ACOS DNS Services and DNS Flag Day	January 30, 2019	February 15, 2019
Other CPU Side-Channel Vulnerabilities	December 14, 2018	June 20, 2022
Thunder – IPMI/LoM Vulnerabilities	November 27, 2018	May 2, 2019
WAF/SSLI – XML Vulnerabilities	November 27, 2018	November 27, 2018
SSH - CVE-2018-15473	October 11, 2018	July 23, 2021
TLS-SSL - CVE-2016-2177	October 10, 2018	November 9, 2018
EX Series - CVE-2017-13704, CVE-2017-14491	October 9, 2018	October 9, 2018
NTP - CVE-2018-7184	September 12, 2018	October 11, 2019
GUI - HSTS MISSING IN REDIRECT FROM GET ROOT	September 12, 2018	October 11, 2019
GUI/AXAPI - VULNERABILITIES #2 - ACOS 3.X, 4.X	September 12, 2018	October 11, 2019
SYSTEM - VULNERABILITIES #2 - ACOS 3.X, 4.X	September 12, 2018	October 11, 2019
SYSTEM - CVE-2017-18017	August 19, 2018	October 11, 2019
TCP/IP - CVE-2018-5390 (SEGMENTSMACK)	August 19, 2018	October 11, 2019
TCP/IP - CVE-2018-5391 (FRAGMENTSMACK)	August 19, 2018	October 11, 2019
TLS-SSL - CVE-2016-2182	August 9, 2018	August 9, 2018
TLS-SSL - CVE-2018-0739D	August 9, 2018	August 9, 2018
TLS-SSL - CVE-2016-6306	July 30, 2018	July 30, 2018
ISAKMP-IKE - VPN DISABLED, UDP PORTS OPEN	July 29, 2018	November 9, 2018
TLS-SSL - CVE-2016-6302	July 29, 2018	July 29, 2018
TLS - ROBOT VULNERABILITY FALSE-POSITIVES	July 29, 2018	July 29, 2018
TLS-SSL - CVE-2016-2107	July 22, 2018	October 11, 2019
TLS-SSL - CVE-2018-0732	July 22, 2018	July 27, 2018
TLS-SSL - CVE-2017-3735	July 22, 2018	July 22, 2018
TLS-SSL - CVE-2017-3736/3737/3738	July 22, 2018	July 22, 2018
SSH - CVE-2016-0777	July 22, 2018	July 22, 2018
THUNDER LOM/IPMI - CVE-2013-4786	July 22, 2018	July 22, 2018
MGMT ACLs Can Override MGMT Service Disable Commands	July 19, 2018	October 11, 2019
WAF - SQL Injection Attack (SQLIA) Vulnerability	July 18, 2018	July 23, 2018
TLS-SSL - CVE-2017-3732, CVE-2016-7055	July 18, 2018	July 18, 2018
HTTPD - CVE-2017-3169, CVE-2017-7679	July 16, 2018	October 11, 2019
SSH DH MODULUS <= 1024 BITS (LOGJAM)	July 14, 2018	October 17, 2019
AUDIT LOG CLEAR - VULNERABILTY	July 12, 2018	October 17, 2018
TLS/SSL - CVE-2016-10213	July 12, 2018	July 12, 2018
SPECTRE/MELTDOWN VULNERABILITIES	January 5, 2018	October 11, 2019
Virtual Application Patch CVE-2017-9805	September 15, 2017	September 15, 2017
NTP - CVE-2017-6462, CVE-2017-6451, CVE-2016-9042	August 10, 2017	January 25, 2021
GUI - A10HELP XSS VULNERABILITY	August 9, 2017	August 9, 2017
ICMP - TIMESTAMP RESPONSE, CVE-1999-0524	August 8, 2017	October 17, 2019
SSH - CVE-2016-3115, CVE-2010-5107	August 8, 2017	October 16, 2019
SSH - SHA2 HMACS, CVE-2008-5161, WEAK MACS	August 8, 2017	October 11, 2019
SYSTEM - VULNERABILITIES #1 - ACOS 3.X, 4.X	August 7, 2017	October 11, 2019
GUI/AXAPI - VULNERABILITIES #1 - ACOS 3.X, 4.X	August 4, 2017	October 16, 2019
TLS/SSL - TLS 1.0 PROTOCOL SUPPORTED, CVE-2011-3389	August 3, 2017	October 24, 2019
TLS/SSL - 3DES CIPHER SUPPORTED, CVE-2016-2183	August 2, 2017	October 21, 2019
TLS/SSL - RC4 CIPHERS SUPPORTED, CVE-2013-2566, CVE-2015-2808	August 1, 2017	October 17, 2019
TLS/SSL - DES AND IDEA CIPHERS SUPPORTED	July 31, 2017	October 17, 2019
SSH - CVE-2015-5600	July 28, 2017	October 11, 2019
NTP - CVE-2016-7429, CVE-2016-7433	July 27, 2017	October 11, 2019
TLS/SSL - CVE-2016-8610	July 25, 2017	July 25, 2017
TLS/SSL - CVE-2016-6304	July 24, 2017	July 24, 2017
#CVE-2016-2108	May 11, 2016	May 11, 2016
#CVE-2015-7547	February 18, 2016	February 18, 2016
#CVE-2015-7575	February 17, 2016	February 17, 2016
#CVE-2016-0777 and CVE-2016-0778	January 18, 2016	January 18, 2016
#CVE-2015-3195	December 3, 2015	December 3, 2015
#CVE-2015-5307 and CVE-2015-8104	November 10, 2015	November 10, 2015
#CVE-2015-7704, -7705, -7871	October 26, 2015	October 26, 2015
#CVE-2015-5621	September 3, 2015	September 3, 2015
#CVE-2015-{1788, 1789, 1790, 1791 and 1792}	June 18, 2015	June 18, 2015
#CVE-2015-0290, CVE-2015-0291, CVE-2015-0204, CVE-2015-0286, CVE-2015-0292, CVE-2015-0209, CVE-2014-3571, CVE-2015-0206, CVE-2015-0207	March 8, 2015	April 18, 2018
#CVE-2015-0235	February 2, 2015	February 10, 2015
#CVE-2014-3571, 3569, 3572, 8275, 3570 and #CVE-2015-0204, 0205, 0206	January 8, 2015	January 8, 2015
NTP (#CVE-2014-9293, #CVE-2014-9294, #CVE-2014-9295, #CVE-2014-9296)	December 29, 2014	December 29, 2014
#CVE-2014-8730	December 8, 2014	December 8, 2014
Technical Support Advisory: Recommended SSL Templates for PFS (Perfect Forward Secrecy) Ciphers	November 4, 2014	November 4, 2014
#CVE-2014-3513 and CVE-2014-3567	October 15, 2014	October 15, 2014
"POODLE" #CVE-2014-3566	October 14, 2014	November 3, 2014
Shellshock Bash; Multiple #CVEs	October 1, 2014	March 13, 2020
A10 Vulnerability to "Shellshock Bash" #CVE-2014-6271	September 24, 2014	February 17, 2020
OpenSSL Security Advisory	June 5, 2014	June 5, 2014
ACOS Buffer Overflow Vulnerability Issued by NCCIC/US Cert (CVE-2014-3976)	April 9, 2014	June 2, 2014
A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed)	April 9, 2014	April 9, 2014

No Registration Required

Registration Required

Product Security Incident Response Team (PSIRT)

Our team is here to help

Urgent Support for A10 customers

How to Report a Product Vulnerability