CVE-2016-10213

MEDIUM

A10networks Advanced Core Operating System - Information Disclosure

Title source: rule

Description

A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

References (3)

[Various Sources] https://github.com/nonce-disrespect/nonce-disrespect

View Writeup ZIP pw:eip

[Various Sources] https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96163

Scores

CVSS v3 5.9

EPSS 0.0046

EPSS Percentile 63.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

a10networks/advanced_core_operating_system < 2.7.2

n/a/n/a

Timeline

Published Feb 08, 2017

Tracked Since Feb 18, 2026