A10 Networks ACOS GUI Directory Traversal Vulnerability (A10-2023-0006)

Critical Vulnerability Information ACOS GUI Vulnerability - A10-2023-0006 Release Date: September 12, 2023 Last Updated: September 12, 2023 Vulnerability Overview A vulnerability in the management Graphical User Interface (GUI) may allow an authenticated user to view, export, or delete system files on affected Thunder devices. The vulnerability requires successful user authentication and access to the affected system’s management port or through another configured management interface. Users are advised to apply software updates or hotfixes as soon as possible. Affected Versions Exploitation and Mitigation Disable GUI management. Implement identity management best practices. Implement network deployment best practices. Apply hotfixes. Software Updates Software updates addressing these vulnerabilities are available at the following URL: https://support.a10networks.com/support/axseries Vulnerability Details Related Links 1. https://www.zerodayinitiative.com/advisories/ZDI-CAN-17899 2. https://www.zerodayinitiative.com/advisories/ZDI-CAN-17905

Goal Reached Thanks to every supporter — we hit 100%!

A10 Networks ACOS GUI Directory Traversal Vulnerability (A10-2023-0006)