Platform: other
Component: a10-thunder-adc
Fixed in: 5.2.2
CVE-2023-42130 is a directory traversal vulnerability discovered in A10 Thunder ADC. This flaw allows authenticated remote attackers to read and delete arbitrary files on the affected system, potentially leading to data breaches and system compromise. The vulnerability impacts versions 5.2.1-p3 and build 70. A fix is available from A10 Networks.
Successful exploitation of CVE-2023-42130 allows an attacker to bypass access controls and directly manipulate files on the Thunder ADC appliance. This includes sensitive configuration files, user credentials, and potentially application data. The ability to delete files could lead to denial of service or further compromise the system. Given the ADC's role in managing network traffic and application delivery, a successful attack could have a significant impact on the availability and integrity of services. The requirement for authentication limits the immediate blast radius, but a compromised user account could be leveraged to exploit this vulnerability.
CVE-2023-42130 was publicly disclosed on May 3, 2024. While no active exploitation campaigns have been publicly confirmed, the vulnerability's ease of exploitation and the potential impact make it a likely target. The vulnerability was initially reported to ZDI as ZDI-CAN-17905. The CVSS score of 8.3 (HIGH) indicates a significant risk, and it is recommended to prioritize remediation.
Organizations utilizing A10 Thunder ADC appliances in production environments, particularly those with legacy configurations or shared hosting setups, are at risk. Environments where user authentication is not strictly enforced or where user accounts have excessive privileges are especially vulnerable.
• linux / server: Monitor A10 Thunder ADC logs for unusual file access attempts, particularly those involving the FileMgmtExport functionality. Use journalctl to filter for relevant events.
journalctl -u thunderadcd | grep "FileMgmtExport"
• generic web: Examine access logs for requests containing suspicious file paths or directory traversal sequences (e.g., ../). Use a fixed-string match (-F) so the dots are not treated as regex wildcards, and check percent-encoded forms such as %2e%2e%2f as well, since a plain grep for ../ will not see them.
grep -F '../' /var/log/apache2/access.log
• other: Review A10 Thunder ADC configuration for overly permissive file access permissions. Check for any unauthorized user accounts with elevated privileges.
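The access-log check above only catches a literal ../; the following is an added example (not part of this advisory or of any A10 tooling) that extends it to percent-encoded and double-encoded traversal sequences. The log lines, the /FileMgmtExport path and the query parameter are constructed for the demonstration and are not real A10 endpoints.

```shell
#!/bin/sh
# Added example: scan an access log for directory traversal sequences,
# covering plain "../" and "..\" as well as their URL-encoded variants
# (%2e, %2f, %5c) and double-encoded forms (%252e, %252f).

scan_traversal() {
    # $1: path to an access log. Case-insensitive extended regex:
    # two dots (plain or encoded) followed by a slash or backslash
    # (plain or encoded). Prints every matching line.
    grep -Ei '(\.|%2e|%252e){2}(/|\\|%2f|%5c|%252f)' "$1"
}

count_traversal() {
    # Number of lines in $1 that contain a traversal sequence.
    scan_traversal "$1" | wc -l | tr -d ' '
}

# Constructed sample log lines (not real traffic). Hostnames, paths and the
# "file" parameter are made up; FileMgmtExport is the feature the advisory names.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
10.0.0.5 - admin [03/May/2024:10:01:02 +0000] "GET /FileMgmtExport?file=running-config HTTP/1.1" 200 512
10.0.0.7 - admin [03/May/2024:10:01:09 +0000] "GET /FileMgmtExport?file=../../hostconfig HTTP/1.1" 200 1234
10.0.0.7 - admin [03/May/2024:10:01:15 +0000] "GET /FileMgmtExport?file=%2E%2E%2F%2E%2E%2Fhostconfig HTTP/1.1" 403 0
10.0.0.9 - user [03/May/2024:10:02:00 +0000] "GET /static/app..js HTTP/1.1" 200 99
EOF

# Stand-alone run: print the suspicious lines (the second and third above).
scan_traversal "$SAMPLE_LOG"
```

The fourth line (app..js) is deliberately not flagged: the dots are not followed by a separator, which is what distinguishes a traversal attempt from an ordinary filename.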
Disclosure
Exploit status
EPSS: 11.31% (94th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2023-42130 is to upgrade to a patched version of A10 Thunder ADC. Refer to the A10 Networks advisory for the specific fixed version. If immediate patching is not possible, consider implementing stricter access controls to limit the number of authenticated users with access to the FileMgmtExport functionality. While a direct WAF rule is difficult to implement due to the nature of directory traversal, carefully reviewing and restricting file access permissions can reduce the attack surface. Monitor system logs for unusual file access patterns or deletion attempts.
Update A10 Thunder ADC to a version that is not vulnerable. Consult the vendor's security advisory for more information and the fixed versions.
CVE-2023-42130 is a directory traversal vulnerability in A10 Thunder ADC that allows authenticated attackers to read and delete arbitrary files.
You are affected if you are running A10 Thunder ADC versions 5.2.1-p3 or build 70 and have not upgraded to a patched version.
Upgrade to a patched version of A10 Thunder ADC as recommended by A10 Networks. Refer to their advisory for specific version details.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's ease of exploitation makes it a potential target.
Refer to the A10 Networks security advisory page for the latest information and patched versions.