In March, 2022, OpenSSL.org released a security advisory  detailing an issue with the BN_mod_sqrt() function in OpenSSL used when parsing certificates. The following vulnerability can impart DoS impacts on ACOS ADC and SSLi data plane services, ACOS management plane services, aGalaxy local and ACOS device management services, and Harmony Controller local and ACOS device management services.
|1||CVE-2022-0778||CVSS 3.0||7.5 High||openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates |
The table below indicates releases of A10 products exposed to these vulnerabilities and their releases that address these issues or are otherwise unaffected by them.
Customers using affected A10 product releases can overcome vulnerability exposures by updating to the indicated resolved release. If the table does not list a corresponding resolved or unaffected release, then no product release update is currently available.
|Product Family||Releases Affected||Releases Resolved or Unaffected|
|ACOS||5.0.0 - 5.2.1-P4||5.2.1-P5|
|ACOS||5.0.1 TPS - 5.0.2-P1 TPS||5.0.2-P2 TPS|
|ACOS||4.1.0 - 4.1.4-GR1-P9||4.1.4-GR1-P10|
|ACOS||4.1.100 - 4.1.100-P7||None|
|ACOS||3.1.0-P1 - 3.2.5-P6||5.0.2-P2 TPS|
|ACOS||2.8.2 - 2.8.2-P10||4.1.4-GR1-P10, 5.2.1-P5|
|ACOS||2.7.2 - 2.7.2-P17||4.1.4-GR1-P10, 5.2.1-P5|
|aGalaxy TPS||3.2.1 - 5.0.10||5.0.11|
For all version of A10 Harmony Controller, customers should update the CentOS or RHEL operating system to correct this vulnerability on their systems hosting the Harmony Controller software product.
To mitigate this issue for the ACOS ADC and SSLi data plane services, use the "client-certificate Ignore" (which is the default) for all configured "slb template client-ssl" instances. For ACOS ADC, ensure the integrity of communications with, and the certificates on, TLS servers for configured "slb template server-ssl" instances. No mitigations are available for ACOS SSLi configured "slb template server-ssl" instances.
To mitigate this issue for the ACOS management plane, ensure the integrity of communication with, and the certificates on, TLS servers configured in ACOS or indicated during ACOS management operations. These include HTTPS file, LDAPS external authentication, and A10 ELM license management servers. Alternately, SCP or SFTP methods for secure file transfer can be used instead of HTTPS and Radius or TACACS+ can be used instead of LDAPS.
Further ACOS management plane mitigations can include ensuring the integrity of communication with A10 GLM license management and Brightcloud web-category services.
To mitigate this issue for aGalaxy and Harmony Controller, ensure the integrity of communications between these devices (instances) and the ACOS devices they manage was well as the A10 license management (ELM/GLM) services they may access.
Ensuring the integrity of these communications seeks to reduce the risk of man-in-the-middle attackers impersonating trusted servers and services exploiting this vulnerability.
Software updates that address these vulnerabilities are or will be published at the following URL:
The following table shares brief descriptions for the vulnerabilities addressed in this document.
|Vulnerability ID||Vulnerability Description|
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
|Ref #||General Link|
|1||OpenSSL Security Advisory [15 March 2022]|
|2||NIST NVD CVE-2022-0778|
|1.0||April 8, 2022||
|2.0||May 10, 2022||
Expanded scope to include A10 aGalaxy and Harmony Controller (HC),products. Extended ACOS exposure scope discussion. Updated/refined workarounds/mitigation. Updated affected A10 product releases table.
© Copyright 2022 A10 Networks, Inc. All Rights Reserved.
This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability, non-infringement or fitness for a particular use. Your use of the information in this document or materials linked from this document is at your own risk. A10 Networks, Inc. reserves the right to change or update the information in this document at any time.