Vulnerability Name: | CVE-2014-3976 (CCN-92285) | ||||||||
Assigned: | 2014-04-02 | ||||||||
Published: | 2014-04-02 | ||||||||
Updated: | 2015-09-02 | ||||||||
Summary: | Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. Note: some of these details are obtained from third party information. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-119 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2014-3976 Source: OSVDB Type: UNKNOWN 105354 Source: MISC Type: Exploit http://packetstormsecurity.com/files/125979/A10-Networks-ACOS-2.7.0-P2-Buffer-Overflow.html Source: FULLDISC Type: Exploit 20140402 [Quantum Leap Advisory] #QLA140402 - A10 Networks remote Buffer Overflow Source: CCN Type: SA57640 Advanced Core Operating System (ACOS) HTTP Requests URI Processing Buffer Overflow Vulnerability Source: SECUNIA Type: UNKNOWN 57640 Source: CCN Type: A10 Networks Web site ACOS Source: EXPLOIT-DB Type: Exploit 32702 Source: MISC Type: Exploit http://www.quantumleap.it/a10-networks-remote-buffer-overflow-softax Source: CCN Type: QLA140402 A10 Networks remote Buffer Overflow Source: BID Type: UNKNOWN 66588 Source: CCN Type: BID-66588 A10 Networks ACOS Remote Buffer Overflow Vulnerability Source: XF Type: UNKNOWN acos-request-bo(92285) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |