CVE-2020-24384 — Agalaxy vulnerability

3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

5.6%

top 9.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

A10networks Agalaxy A10networks Advanced Core Operating System

Timeline

PublishedNov 10

Latest updateMay 24

Description

A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDa10networks/agalaxy5.0.1 — 5.0.5+4

▶NVDa10networks/advanced_core_operating_system12 versions+11

Patches

Patch: support.a10networks.com ↗Patch: support.a10networks.com ↗

🔴Vulnerability Details

GHSA

GHSA-m7wp-fc57-4hr2: A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could↗2022-05-24

▶

CVEList

CVE-2020-24384: A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could↗2020-11-10

▶