Vulnerability Details : CVE-2020-24384
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.
Vulnerability category: Execute code
Products affected by CVE-2020-24384
- cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:p8:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.3:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.3:p5:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.4:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.4:p5:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.5:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.5:p1:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.0.0:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.0.1:p3:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:p13:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:p13:sp1:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:p5:sp1:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:sp1:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.100:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.100:p7:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:-:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:5.1.0:p3:*:*:*:*:*:*
- cpe:2.3:a:a10networks:agalaxy:*:*:*:*:*:*:*:*
- cpe:2.3:a:a10networks:agalaxy:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:a10networks:agalaxy:3.0.4:p3:*:*:*:*:*:*
- cpe:2.3:a:a10networks:agalaxy:5.0.5:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-24384
- 0.81%: Probability of exploitation activity in the next 30 days
- ~82%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-24384
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
References for CVE-2020-24384
- https://support.a10networks.com/support/security_advisory/acos-agalaxy-gui-rce-vulnerability-cve-2020-24384
  ACOS/aGalaxy GUI RCE Vulnerability – CVE-2020-24384 – A10 Support (Mitigation; Patch; Vendor Advisory)