cvelistv5 - cve-2024-30369

CVE-2024-30369 (GCVE-0-2024-30369)

Vulnerability from cvelistv5 – Published: 2024-06-06 17:53 – Updated: 2024-08-02 01:32

Summary

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.

Severity ?

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Assigner

zdi

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_research-advisory
	https://support.a10networks.com/support/security_…	vendor-advisory

Impacted products

	Vendor	Product	Version
	A10	Thunder ADC	Affected: 6.0.2, build 68

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:a10networks:thunder_adc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunder_adc",
            "vendor": "a10networks",
            "versions": [
              {
                "lessThan": "6.0.3-p1",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.2.1-p10",
                "status": "affected",
                "version": "5.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.1.4-gr1-p14",
                "status": "affected",
                "version": "4.1.4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30369",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T19:06:03.019548Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T19:30:08.524Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:32:07.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-24-525",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-525/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Thunder ADC",
          "vendor": "A10",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2, build 68"
            }
          ]
        }
      ],
      "dateAssigned": "2024-03-26T14:40:42.708-05:00",
      "datePublic": "2024-05-29T15:09:26.200-05:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-06T17:53:01.730Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-525",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-525/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-30369",
    "datePublished": "2024-06-06T17:53:01.730Z",
    "dateReserved": "2024-03-26T18:52:36.418Z",
    "dateUpdated": "2024-08-02T01:32:07.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9631578F-ECEA-4215-B00E-79E89E191A09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B958B188-D5AF-44C9-9BCC-2CCA005B98A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0883D4AC-8C5B-458A-876F-CF570EEB0146\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p10:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DFFBBF2-E1FC-4B42-A1CD-B3FB67906D4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p11:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC015A07-1951-46AB-8466-27BA76060E3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p12:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF8058B1-CA56-4DAD-9655-7EF7B16430B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p13:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DBCE7ED-3E64-4976-915C-5BA16C2DACDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAF71588-C4F2-48F5-8D0C-D5B5E073D435\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"54E848B1-5691-4724-BD9F-0734ED3203DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDAFED8E-268B-417B-ACB0-DD13B0B4F98E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"40FDFFC6-6CA9-4A9B-9B5F-8060A17F3B61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFE9F160-FEEE-4541-AED2-2596E66B3232\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FA649CA-A839-4226-86D5-054A4866E0A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"20693C67-0BA2-492D-BEF5-D030ADE01BD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"6245D321-25B0-4A6B-9B3F-77B7FE36FCA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F993C993-D118-45A3-9F95-382B54E25439\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A07BA640-B5C1-43AF-8AF9-949A46CB01B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C51A689A-8334-4997-ADB9-3420B40D4366\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"B414EAFE-FB76-4B64-8781-E2653A38D9F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"912D9FD6-D52E-42FA-9CF3-D84955E9907D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3A46FE8-F0F5-4E28-A161-53F38FABD96B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED63FC6B-4925-47BE-A41D-9DD3C45A2393\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D0CA74D-733A-4F6B-A524-A55E1FBEE390\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"295BC404-0D55-4CCD-B560-F09660A1EBA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC60D936-4B5A-4CB1-B026-5E53A9CBA9A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"17DC4C4E-CEE1-436A-B72F-91CE78465004\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0FFF9D4-4301-45E8-B3F2-585322FA5EF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"855FA85C-0BAE-404A-B23B-2A4B0044304B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"96DEFC5B-F240-4614-881C-B0D0C5B61D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C458DFE-C29E-4B23-8190-056DC60961CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BF8645F-FAEF-4B80-879E-9E5BB90194C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA988842-7A35-4FDE-8A49-3886317DD562\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9E299E7-5509-4A39-99DA-5E25751C7598\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC39BD39-6DE5-44F7-9EB3-7CE6A3C3788A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3894037-A372-4333-8F67-1FE3C051F4FD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF4A10A8-6188-4A78-B9D8-81860AE5DE87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA78B990-1FAF-44C6-B3D9-0D8B5BD43E66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D97ECCE-3444-4C6B-A762-DFEFC258B7E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2-sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DC9B659-3801-451A-9F91-BB24B4B9DA4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0563C77A-38A5-4A57-A861-C343F04A0246\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0E9CC13-3322-4125-BC9B-3BDE06CAEE34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B44E3F7E-6960-4C1A-B741-039382EAA335\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED618378-2172-4835-AF85-3C9327EC36EF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\\n\\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de escalada de privilegios locales de asignaci\\u00f3n de permisos incorrecta en A10 Thunder ADC. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de A10 Thunder ADC. Un atacante primero debe obtener la capacidad de ejecutar c\\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\\u00edfica existe dentro del instalador. El problema se debe a permisos incorrectos en un archivo. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\\u00f3digo arbitrario en el contexto de la ra\\u00edz. Era ZDI-CAN-22754.\"}]",
      "id": "CVE-2024-30369",
      "lastModified": "2024-11-21T09:11:47.653",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2024-06-06T18:15:13.720",
      "references": "[{\"url\": \"https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-24-525/\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-24-525/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "zdi-disclosures@trendmicro.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-30369\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2024-06-06T18:15:13.720\",\"lastModified\":\"2024-11-21T09:11:47.653\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\\n\\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de escalada de privilegios locales de asignaci\u00f3n de permisos incorrecta en A10 Thunder ADC. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de A10 Thunder ADC. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del instalador. El problema se debe a permisos incorrectos en un archivo. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-22754.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9631578F-ECEA-4215-B00E-79E89E191A09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B958B188-D5AF-44C9-9BCC-2CCA005B98A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0883D4AC-8C5B-458A-876F-CF570EEB0146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DFFBBF2-E1FC-4B42-A1CD-B3FB67906D4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC015A07-1951-46AB-8466-27BA76060E3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF8058B1-CA56-4DAD-9655-7EF7B16430B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DBCE7ED-3E64-4976-915C-5BA16C2DACDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF71588-C4F2-48F5-8D0C-D5B5E073D435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"54E848B1-5691-4724-BD9F-0734ED3203DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDAFED8E-268B-417B-ACB0-DD13B0B4F98E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"40FDFFC6-6CA9-4A9B-9B5F-8060A17F3B61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE9F160-FEEE-4541-AED2-2596E66B3232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA649CA-A839-4226-86D5-054A4866E0A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"20693C67-0BA2-492D-BEF5-D030ADE01BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"6245D321-25B0-4A6B-9B3F-77B7FE36FCA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F993C993-D118-45A3-9F95-382B54E25439\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A07BA640-B5C1-43AF-8AF9-949A46CB01B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C51A689A-8334-4997-ADB9-3420B40D4366\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B414EAFE-FB76-4B64-8781-E2653A38D9F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"912D9FD6-D52E-42FA-9CF3-D84955E9907D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3A46FE8-F0F5-4E28-A161-53F38FABD96B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED63FC6B-4925-47BE-A41D-9DD3C45A2393\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0CA74D-733A-4F6B-A524-A55E1FBEE390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"295BC404-0D55-4CCD-B560-F09660A1EBA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC60D936-4B5A-4CB1-B026-5E53A9CBA9A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"17DC4C4E-CEE1-436A-B72F-91CE78465004\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0FFF9D4-4301-45E8-B3F2-585322FA5EF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"855FA85C-0BAE-404A-B23B-2A4B0044304B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"96DEFC5B-F240-4614-881C-B0D0C5B61D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C458DFE-C29E-4B23-8190-056DC60961CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BF8645F-FAEF-4B80-879E-9E5BB90194C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA988842-7A35-4FDE-8A49-3886317DD562\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9E299E7-5509-4A39-99DA-5E25751C7598\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC39BD39-6DE5-44F7-9EB3-7CE6A3C3788A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3894037-A372-4333-8F67-1FE3C051F4FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF4A10A8-6188-4A78-B9D8-81860AE5DE87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA78B990-1FAF-44C6-B3D9-0D8B5BD43E66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D97ECCE-3444-4C6B-A762-DFEFC258B7E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2-sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DC9B659-3801-451A-9F91-BB24B4B9DA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0563C77A-38A5-4A57-A861-C343F04A0246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E9CC13-3322-4125-BC9B-3BDE06CAEE34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B44E3F7E-6960-4C1A-B741-039382EAA335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED618378-2172-4835-AF85-3C9327EC36EF\"}]}]}],\"references\":[{\"url\":\"https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-24-525/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-24-525/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-24-525/\", \"name\": \"ZDI-24-525\", \"tags\": [\"x_research-advisory\", \"x_transferred\"]}, {\"url\": \"https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369\", \"name\": \"vendor-provided URL\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:32:07.045Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30369\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-06T19:06:03.019548Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:a10networks:thunder_adc:*:*:*:*:*:*:*:*\"], \"vendor\": \"a10networks\", \"product\": \"thunder_adc\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.3-p1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.1.0\", \"lessThan\": \"5.2.1-p10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.1.4\", \"lessThan\": \"4.1.4-gr1-p14\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-06T19:30:00.342Z\"}}], \"cna\": {\"title\": \"A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability\", \"source\": {\"lang\": \"en\", \"value\": \"Anonymous\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"A10\", \"product\": \"Thunder ADC\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.2, build 68\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2024-05-29T15:09:26.200-05:00\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-24-525/\", \"name\": \"ZDI-24-525\", \"tags\": [\"x_research-advisory\"]}, {\"url\": \"https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369\", \"name\": \"vendor-provided URL\", \"tags\": [\"vendor-advisory\"]}], \"dateAssigned\": \"2024-03-26T14:40:42.708-05:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\\n\\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732: Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"shortName\": \"zdi\", \"dateUpdated\": \"2024-06-06T17:53:01.730Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-30369\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T01:32:07.045Z\", \"dateReserved\": \"2024-03-26T18:52:36.418Z\", \"assignerOrgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"datePublished\": \"2024-06-06T17:53:01.730Z\", \"assignerShortName\": \"zdi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-30369

Vulnerability from fkie_nvd - Published: 2024-06-06 18:15 - Updated: 2024-11-21 09:11

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
zdi-disclosures@trendmicro.com	https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369	Vendor Advisory
zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-24-525/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-24-525/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	4.1.4
a10networks	advanced_core_operating_system	5.1.0
a10networks	advanced_core_operating_system	5.1.0
a10networks	advanced_core_operating_system	5.1.0
a10networks	advanced_core_operating_system	5.1.0
a10networks	advanced_core_operating_system	5.1.0
a10networks	advanced_core_operating_system	5.2.0
a10networks	advanced_core_operating_system	5.2.0
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	5.2.1
a10networks	advanced_core_operating_system	6.0.0
a10networks	advanced_core_operating_system	6.0.0
a10networks	advanced_core_operating_system	6.0.0
a10networks	advanced_core_operating_system	6.0.0
a10networks	advanced_core_operating_system	6.0.1
a10networks	advanced_core_operating_system	6.0.2
a10networks	advanced_core_operating_system	6.0.2
a10networks	advanced_core_operating_system	6.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "9631578F-ECEA-4215-B00E-79E89E191A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1:*:*:*:*:*:*",
              "matchCriteriaId": "B958B188-D5AF-44C9-9BCC-2CCA005B98A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p1:*:*:*:*:*:*",
              "matchCriteriaId": "0883D4AC-8C5B-458A-876F-CF570EEB0146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p10:*:*:*:*:*:*",
              "matchCriteriaId": "6DFFBBF2-E1FC-4B42-A1CD-B3FB67906D4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p11:*:*:*:*:*:*",
              "matchCriteriaId": "AC015A07-1951-46AB-8466-27BA76060E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p12:*:*:*:*:*:*",
              "matchCriteriaId": "EF8058B1-CA56-4DAD-9655-7EF7B16430B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p13:*:*:*:*:*:*",
              "matchCriteriaId": "0DBCE7ED-3E64-4976-915C-5BA16C2DACDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p2:*:*:*:*:*:*",
              "matchCriteriaId": "BAF71588-C4F2-48F5-8D0C-D5B5E073D435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p3:*:*:*:*:*:*",
              "matchCriteriaId": "54E848B1-5691-4724-BD9F-0734ED3203DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:*:*:*:*:*:*",
              "matchCriteriaId": "CDAFED8E-268B-417B-ACB0-DD13B0B4F98E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p5:*:*:*:*:*:*",
              "matchCriteriaId": "40FDFFC6-6CA9-4A9B-9B5F-8060A17F3B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p6:*:*:*:*:*:*",
              "matchCriteriaId": "AFE9F160-FEEE-4541-AED2-2596E66B3232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p7:*:*:*:*:*:*",
              "matchCriteriaId": "9FA649CA-A839-4226-86D5-054A4866E0A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p8:*:*:*:*:*:*",
              "matchCriteriaId": "20693C67-0BA2-492D-BEF5-D030ADE01BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p9:*:*:*:*:*:*",
              "matchCriteriaId": "6245D321-25B0-4A6B-9B3F-77B7FE36FCA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F993C993-D118-45A3-9F95-382B54E25439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "A07BA640-B5C1-43AF-8AF9-949A46CB01B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "C51A689A-8334-4997-ADB9-3420B40D4366",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B414EAFE-FB76-4B64-8781-E2653A38D9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "912D9FD6-D52E-42FA-9CF3-D84955E9907D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B3A46FE8-F0F5-4E28-A161-53F38FABD96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "ED63FC6B-4925-47BE-A41D-9DD3C45A2393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "9D0CA74D-733A-4F6B-A524-A55E1FBEE390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "295BC404-0D55-4CCD-B560-F09660A1EBA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "EC60D936-4B5A-4CB1-B026-5E53A9CBA9A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "17DC4C4E-CEE1-436A-B72F-91CE78465004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C0FFF9D4-4301-45E8-B3F2-585322FA5EF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p2:*:*:*:*:*:*",
              "matchCriteriaId": "855FA85C-0BAE-404A-B23B-2A4B0044304B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p3:*:*:*:*:*:*",
              "matchCriteriaId": "96DEFC5B-F240-4614-881C-B0D0C5B61D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3C458DFE-C29E-4B23-8190-056DC60961CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p5:*:*:*:*:*:*",
              "matchCriteriaId": "1BF8645F-FAEF-4B80-879E-9E5BB90194C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p6:*:*:*:*:*:*",
              "matchCriteriaId": "FA988842-7A35-4FDE-8A49-3886317DD562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p7:*:*:*:*:*:*",
              "matchCriteriaId": "E9E299E7-5509-4A39-99DA-5E25751C7598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p8:*:*:*:*:*:*",
              "matchCriteriaId": "AC39BD39-6DE5-44F7-9EB3-7CE6A3C3788A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p9:*:*:*:*:*:*",
              "matchCriteriaId": "A3894037-A372-4333-8F67-1FE3C051F4FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "BF4A10A8-6188-4A78-B9D8-81860AE5DE87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "AA78B990-1FAF-44C6-B3D9-0D8B5BD43E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5D97ECCE-3444-4C6B-A762-DFEFC258B7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.0:p2-sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7DC9B659-3801-451A-9F91-BB24B4B9DA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0563C77A-38A5-4A57-A861-C343F04A0246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9CC13-3322-4125-BC9B-3BDE06CAEE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "B44E3F7E-6960-4C1A-B741-039382EAA335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:6.0.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "ED618378-2172-4835-AF85-3C9327EC36EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escalada de privilegios locales de asignaci\u00f3n de permisos incorrecta en A10 Thunder ADC. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de A10 Thunder ADC. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del instalador. El problema se debe a permisos incorrectos en un archivo. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-22754."
    }
  ],
  "id": "CVE-2024-30369",
  "lastModified": "2024-11-21T09:11:47.653",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-06T18:15:13.720",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-525/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-525/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2024-1283

Vulnerability from csaf_certbund - Published: 2024-06-03 22:00 - Updated: 2024-06-03 22:00

Summary

A10 Networks ACOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Advanced Core Operating System (ACOS) ist ein Betriebssystem, das für A10 Networks Geräte wie z. B. Router, Switches und Firewalls eingesetzt wird.

Angriff

Ein Angreifer kann mehrere Schwachstellen in A10 Networks ACOS ausnutzen, um seine Privilegien zu erhöhen oder beliebigen Code auszuführen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Advanced Core Operating System (ACOS) ist ein Betriebssystem, das f\u00fcr A10 Networks Ger\u00e4te wie z. B. Router, Switches und Firewalls eingesetzt wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in A10 Networks ACOS ausnutzen, um seine Privilegien zu erh\u00f6hen oder beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1283 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1283.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1283 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1283"
      },
      {
        "category": "external",
        "summary": "A10 Security Advisory vom 2024-06-03",
        "url": "https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369"
      }
    ],
    "source_lang": "en-US",
    "title": "A10 Networks ACOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-06-03T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:09:47.691+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1283",
      "initial_release_date": "2024-06-03T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-03T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.0.3-P1",
                "product": {
                  "name": "A10 Networks ACOS \u003c6.0.3-P1",
                  "product_id": "T035162"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.2.1-P10",
                "product": {
                  "name": "A10 Networks ACOS \u003c5.2.1-P10",
                  "product_id": "T035163"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.1.4-GR1-P14",
                "product": {
                  "name": "A10 Networks ACOS \u003c4.1.4-GR1-P14",
                  "product_id": "T035164"
                }
              }
            ],
            "category": "product_name",
            "name": "ACOS"
          }
        ],
        "category": "vendor",
        "name": "A10 Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-30369",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in A10 Networks ACOS. Dieser Fehler besteht in der Thunder ADC Komponente aufgrund einer unsachgem\u00e4\u00dfen Rechteverwaltung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "release_date": "2024-06-03T22:00:00.000+00:00",
      "title": "CVE-2024-30369"
    },
    {
      "cve": "CVE-2024-30368",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in A10 Networks ACOS. Dieser Fehler besteht in der Thunder ADC Komponente aufgrund einer unsachgem\u00e4\u00dfen Validierung einer vom Benutzer gelieferten Zeichenkette. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "release_date": "2024-06-03T22:00:00.000+00:00",
      "title": "CVE-2024-30368"
    }
  ]
}

GSD-2024-30369

Vulnerability from gsd - Updated: 2024-04-03 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-30369

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-30369"
      ],
      "id": "GSD-2024-30369",
      "modified": "2024-04-03T05:02:29.075668Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-30369",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

GHSA-R94C-M5J6-3GF8

Vulnerability from github – Published: 2024-06-06 18:30 – Updated: 2024-06-06 18:30

Details

The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-30369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-06T18:15:13Z",
    "severity": "HIGH"
  },
  "details": "A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.",
  "id": "GHSA-r94c-m5j6-3gf8",
  "modified": "2024-06-06T18:30:57Z",
  "published": "2024-06-06T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30369"
    },
    {
      "type": "WEB",
      "url": "https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-525"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-30369 (GCVE-0-2024-30369)

FKIE_CVE-2024-30369

WID-SEC-W-2024-1283

GSD-2024-30369

GHSA-R94C-M5J6-3GF8

Tags

Sightings

Nomenclature