Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2020-24384

Vulnerability from fkie_nvd - Published: 2020-11-10 14:15 - Updated: 2024-11-21 05:14

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.

References

	URL	Tags
	cve@mitre.org	https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384	Mitigation, Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384	Mitigation, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
a10networks	agalaxy	*
a10networks	agalaxy	*
a10networks	agalaxy	3.0.1
a10networks	agalaxy	3.0.4
a10networks	agalaxy	5.0.5
a10networks	advanced_core_operating_system	3.2.2
a10networks	advanced_core_operating_system	3.2.2
a10networks	advanced_core_operating_system	3.2.3
a10networks	advanced_core_operating_system	3.2.3
a10networks	advanced_core_operating_system	3.2.4
a10networks	advanced_core_operating_system	3.2.4
a10networks	advanced_core_operating_system	3.2.5
a10networks	advanced_core_operating_system	3.2.5
a10networks	advanced_core_operating_system	4.0.0
a10networks	advanced_core_operating_system	4.0.1
a10networks	advanced_core_operating_system	4.1.0
a10networks	advanced_core_operating_system	4.1.0
a10networks	advanced_core_operating_system	4.1.1
a10networks	advanced_core_operating_system	4.1.1
a10networks	advanced_core_operating_system	4.1.2
a10networks	advanced_core_operating_system	4.1.2
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.100
a10networks	advanced_core_operating_system	4.1.100
a10networks	advanced_core_operating_system	5.1.0
a10networks	advanced_core_operating_system	5.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:a10networks:agalaxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5500256E-D48A-458D-ACCD-04CFFF02E865",
              "versionEndIncluding": "3.2.4",
              "versionStartIncluding": "3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:a10networks:agalaxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43397743-A284-41A8-972D-61BB362C4DA3",
              "versionEndExcluding": "5.0.5",
              "versionStartIncluding": "5.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:a10networks:agalaxy:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9B56DC-D45A-416E-AAC0-09B2D9D2CE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:a10networks:agalaxy:3.0.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "34AD3D63-8524-422A-8CE4-392DE6F74104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:a10networks:agalaxy:5.0.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "BC41B226-C249-4677-89CB-3787BD8F3B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "6514C456-8CA5-4939-A80C-6A3081CC64F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:p8:*:*:*:*:*:*",
              "matchCriteriaId": "28642F62-91FB-4F92-A4D1-53985F26FC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "07E749B1-1A78-47B8-9BD4-0B5B6D95DBCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9F305ADC-1134-4803-96FB-57C14822AF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "41F51E66-E577-424F-B74B-F306D49A802B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "6EC8374A-A278-4263-80F3-746A887FBE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "0ACFE471-EF10-4157-9236-13D6FEE298F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7A22D257-3230-40BB-B50A-DD96EC5966AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "20BA3258-B0A2-4A89-800B-2A9F4AC05761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.0.1:p3:*:*:*:*:*:*",
              "matchCriteriaId": "E5DEA310-5EDE-4212-9D16-3067666A16FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "18D0BE5E-B432-4F69-B6E9-EFF68AB04E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:p13:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DC16D-4484-4C81-8F6C-288BD87A2073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "00FBA24A-2494-4C8C-A55F-5B215C4C18F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:p13:sp1:*:*:*:*:*",
              "matchCriteriaId": "778A9624-7995-44E8-926C-82A3601DAD24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "FD6BD1B0-D2A9-464E-945F-DEB1A7F944AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:p5:sp1:*:*:*:*:*",
              "matchCriteriaId": "181C5A1C-19B7-4C19-AAFC-B417EA1C8CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "9631578F-ECEA-4215-B00E-79E89E191A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:sp1:*:*:*:*:*",
              "matchCriteriaId": "DFAA40FD-6A6C-45A7-81DE-2824FC972FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.100:-:*:*:*:*:*:*",
              "matchCriteriaId": "AC830D1C-11B9-4E2F-BB61-532D731E74F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.100:p7:*:*:*:*:*:*",
              "matchCriteriaId": "39207A9E-8C7A-477C-A6EA-CCB68FF0F8E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B414EAFE-FB76-4B64-8781-E2653A38D9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "912D9FD6-D52E-42FA-9CF3-D84955E9907D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected."
    },
    {
      "lang": "es",
      "value": "Las Interfaces de Usuario Graficas (GUIs) de administraci\u00f3n de A10 Networks ACOS y aGalaxy, presentan una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) no autenticada que podr\u00eda ser usada para comprometer los sistemas ACOS afectados.\u0026#xa0;Las versiones de ACOS 3.2.x (incluyendo y posteriores a 3.2.2), versiones 4.x y 5.1.x est\u00e1n afectadas.\u0026#xa0;aGalaxy versiones 3.0.x, 3.2.x y 5.0.x est\u00e1n afectadas"
    }
  ],
  "id": "CVE-2020-24384",
  "lastModified": "2024-11-21T05:14:42.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-10T14:15:10.617",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-24384 (GCVE-0-2020-24384)

Vulnerability from cvelistv5 – Published: 2020-11-10 13:46 – Updated: 2024-08-04 15:12

Summary

A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://support.a10networks.com/support/security_…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:12:08.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-10T13:46:34",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-24384",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384",
              "refsource": "CONFIRM",
              "url": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-24384",
    "datePublished": "2020-11-10T13:46:34",
    "dateReserved": "2020-08-18T00:00:00",
    "dateUpdated": "2024-08-04T15:12:08.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-24384 (GCVE-0-2020-24384)

Vulnerability from nvd – Published: 2020-11-10 13:46 – Updated: 2024-08-04 15:12

Summary

A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://support.a10networks.com/support/security_…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:12:08.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-10T13:46:34",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-24384",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384",
              "refsource": "CONFIRM",
              "url": "https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-24384",
    "datePublished": "2020-11-10T13:46:34",
    "dateReserved": "2020-08-18T00:00:00",
    "dateUpdated": "2024-08-04T15:12:08.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

3 vulnerabilities found for agalaxy by a10networks

FKIE_CVE-2020-24384

CVE-2020-24384 (GCVE-0-2020-24384)

CVE-2020-24384 (GCVE-0-2020-24384)