CVE-2014-3976

A10 Networks ACOS <2.7.0-p6, <2.7.1-P1_55 - Buffer Overflow

Title source: llm

Description

Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC

by Francesco Perna · textdoshardware

https://www.exploit-db.com/exploits/32702

View Code ZIP pw:eip

References (7)

Core 7

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/125979/A10-Networks-ACOS-2.7.0-P2-Buffer-Overflow.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/32702

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Apr/16

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/66588

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/105354

Exploit x_refsource_misc

http://www.quantumleap.it/a10-networks-remote-buffer-overflow-softax

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/57640

Scores

EPSS 0.3346

EPSS Percentile 97.0%

Details

CWE

CWE-119

Status published

Products (2)

a10networks/advanced_core_operating_system 2.7.0

a10networks/advanced_core_operating_system 2.7.1

Published Jun 05, 2014

Tracked Since Feb 18, 2026