CVE-2016-10213

Severity
5.9 MEDIUM
EPSS
0.5%
top 36.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 8
Latest update May 17

Description

A10 AX1030 and possibly other devices with software before 2.7.2-P8 use random GCM nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages

1 package

🔴 Vulnerability Details

2
GHSA
GHSA-m72p-mqgg-7q2p: A10 AX1030 and possibly other devices with software before 2
2022-05-17
CVEList
CVE-2016-10213: A10 AX1030 and possibly other devices with software before 2
2017-02-08

📋 Vendor Advisories

1
Citrix
CVE-2016-0270: IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which make
2017-02-08