Vulnerability Description
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| A10Networks | Agalaxy | >= 3.2.1, <= 3.2.4 |
| A10Networks | Advanced Core Operating System | 3.2.2 |
References
- https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vMitigationPatchVendor Advisory
- https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vMitigationPatchVendor Advisory
FAQ
What is CVE-2020-24384?
CVE-2020-24384 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS...
How severe is CVE-2020-24384?
CVE-2020-24384 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-24384?
Check the references section above for vendor advisories and patch information. Affected products include: A10Networks Agalaxy, A10Networks Advanced Core Operating System.