← Back

CVE-2024-30369

nvd nist
Published: Jun 6, 2024Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.

Affected (43)

A10networks
1 product
Advanced Core Operating System
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
A10networks
Advanced Core Operating System
Version 4.1.4
Advanced Core Operating System
Version 4.1.4 gr1-p10
Advanced Core Operating System
Version 4.1.4 gr1-p11
Advanced Core Operating System
Version 4.1.4 gr1-p12
Advanced Core Operating System
Version 4.1.4 gr1-p13
Advanced Core Operating System
Version 4.1.4 gr1-p1
Advanced Core Operating System
Version 4.1.4 gr1-p2
Advanced Core Operating System
Version 4.1.4 gr1-p3
Advanced Core Operating System
Version 4.1.4 gr1-p4
Advanced Core Operating System
Version 4.1.4 gr1-p5
Advanced Core Operating System
Version 4.1.4 gr1-p6
Advanced Core Operating System
Version 4.1.4 gr1-p7
Advanced Core Operating System
Version 4.1.4 gr1-p8
Advanced Core Operating System
Version 4.1.4 gr1-p9
Advanced Core Operating System
Version 4.1.4 gr1
Advanced Core Operating System
Version 4.1.4 p1
Advanced Core Operating System
Version 4.1.4 p2
Advanced Core Operating System
Version 4.1.4 p3
Configuration B
17 vulnerable
Vulnerable SoftwareAffected Versions
A10networks
Advanced Core Operating System
Version 5.1.0
Advanced Core Operating System
Version 5.1.0 p3
Advanced Core Operating System
Version 5.1.0 p4
Advanced Core Operating System
Version 5.1.0 p5
Advanced Core Operating System
Version 5.1.0 p6
Advanced Core Operating System
Version 5.2.0
Advanced Core Operating System
Version 5.2.0 p1
Advanced Core Operating System
Version 5.2.1
Advanced Core Operating System
Version 5.2.1 p1
Advanced Core Operating System
Version 5.2.1 p2
Advanced Core Operating System
Version 5.2.1 p3
Advanced Core Operating System
Version 5.2.1 p4
Advanced Core Operating System
Version 5.2.1 p5
Advanced Core Operating System
Version 5.2.1 p6
Advanced Core Operating System
Version 5.2.1 p7
Advanced Core Operating System
Version 5.2.1 p8
Advanced Core Operating System
Version 5.2.1 p9
Configuration C
8 vulnerable
Vulnerable SoftwareAffected Versions
A10networks
Advanced Core Operating System
Version 6.0.0
Advanced Core Operating System
Version 6.0.0 p1
Advanced Core Operating System
Version 6.0.0 p2-sp1
Advanced Core Operating System
Version 6.0.0 p2
Advanced Core Operating System
Version 6.0.1
Advanced Core Operating System
Version 6.0.2
Advanced Core Operating System
Version 6.0.2 p1
Advanced Core Operating System
Version 6.0.3

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

Source: zdi-disclosures@trendmicro.com
Vendor Advisory
Source: zdi-disclosures@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.