critical
10
Advisory Published
Updated

CVE-2020-24384

First published: Tue Nov 10 2020(Updated: )

A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
A10networks Agalaxy>=3.2.1<=3.2.4
A10networks Agalaxy>=5.0.1<5.0.5
A10networks Agalaxy=3.0.1
A10networks Agalaxy=3.0.4-p3
A10networks Agalaxy=5.0.5
A10networks Advanced Core Operating System=3.2.2
A10networks Advanced Core Operating System=3.2.2-p8
A10networks Advanced Core Operating System=3.2.3
A10networks Advanced Core Operating System=3.2.3-p5
A10networks Advanced Core Operating System=3.2.4
A10networks Advanced Core Operating System=3.2.4-p5
A10networks Advanced Core Operating System=3.2.5
A10networks Advanced Core Operating System=3.2.5-p1
A10networks Advanced Core Operating System=4.0.0
A10networks Advanced Core Operating System=4.0.1-p3
A10networks Advanced Core Operating System=4.1.0
A10networks Advanced Core Operating System=4.1.0-p13
A10networks Advanced Core Operating System=4.1.1
A10networks Advanced Core Operating System=4.1.1-p13
A10networks Advanced Core Operating System=4.1.2
A10networks Advanced Core Operating System=4.1.2-p5
A10networks Advanced Core Operating System=4.1.4
A10networks Advanced Core Operating System=4.1.4-gr1-p4
A10networks Advanced Core Operating System=4.1.100
A10networks Advanced Core Operating System=4.1.100-p7
A10networks Advanced Core Operating System=5.1.0
A10networks Advanced Core Operating System=5.1.0-p3

Remedy

https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-24384?

    CVE-2020-24384 is a critical vulnerability in A10 Networks ACOS and aGalaxy management GUIs that allows unauthenticated remote code execution.

  • Which systems are affected by CVE-2020-24384?

    ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.1-3.2.4, and 5.0.1-5.0.5 are also affected.

  • What is the severity of CVE-2020-24384?

    CVE-2020-24384 has a severity rating of 9.8, which is considered critical.

  • How can I fix CVE-2020-24384?

    To fix CVE-2020-24384, it is recommended to upgrade to the latest patched version of ACOS or aGalaxy as provided by A10 Networks.

  • Where can I find more information about CVE-2020-24384?

    You can find more information about CVE-2020-24384 on the A10 Networks security advisory page at https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203