7.8

CVE-2024-30369

EPSS 0.03%
Published 06.06.2024 18:15:13
Last modified 21.11.2024 09:11:47
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

A10networks ≫ Advanced Core Operating System Version4.1.4 Update-

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p1

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p10

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p11

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p12

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p13

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p2

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p3

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p4

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p5

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p6

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p7

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p8

A10networks ≫ Advanced Core Operating System Version4.1.4 Updategr1-p9

A10networks ≫ Advanced Core Operating System Version4.1.4 Updatep1

A10networks ≫ Advanced Core Operating System Version4.1.4 Updatep2

A10networks ≫ Advanced Core Operating System Version4.1.4 Updatep3

A10networks ≫ Advanced Core Operating System Version5.1.0 Update-

A10networks ≫ Advanced Core Operating System Version5.1.0 Updatep3

A10networks ≫ Advanced Core Operating System Version5.1.0 Updatep4

A10networks ≫ Advanced Core Operating System Version5.1.0 Updatep5

A10networks ≫ Advanced Core Operating System Version5.1.0 Updatep6

A10networks ≫ Advanced Core Operating System Version5.2.0 Update-

A10networks ≫ Advanced Core Operating System Version5.2.0 Updatep1

A10networks ≫ Advanced Core Operating System Version5.2.1 Update-

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep1

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep2

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep3

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep4

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep5

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep6

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep7

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep8

A10networks ≫ Advanced Core Operating System Version5.2.1 Updatep9

A10networks ≫ Advanced Core Operating System Version6.0.0 Update-

A10networks ≫ Advanced Core Operating System Version6.0.0 Updatep1

A10networks ≫ Advanced Core Operating System Version6.0.0 Updatep2

A10networks ≫ Advanced Core Operating System Version6.0.0 Updatep2-sp1

A10networks ≫ Advanced Core Operating System Version6.0.1

A10networks ≫ Advanced Core Operating System Version6.0.2 Update-

A10networks ≫ Advanced Core Operating System Version6.0.2 Updatep1

A10networks ≫ Advanced Core Operating System Version6.0.3 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.08

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-525/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2024-30369

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30369

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30369

EUVD