CVE-2023-42129
📋 TL;DR
This vulnerability in A10 Thunder ADC allows authenticated remote attackers to perform directory traversal attacks, potentially disclosing sensitive files from the system. The flaw exists in the ShowTechDownloadView class due to improper path validation. Organizations using affected A10 Thunder ADC installations with authenticated user access are at risk.
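The root cause named above is improper path validation in a download handler. The following Python snippet is an added illustration of that bug class and its fix; it is not A10's code, and the export directory, function names and sample inputs are constructed for the example. It places a naive join (the vulnerable pattern) beside a resolver that normalises the joined path and checks it still lies under the intended base directory.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical export directory for "show tech" bundles (constructed, not A10's path).
EXPORT_DIR = "/var/export/showtech"


def vulnerable_resolve(user_name: str) -> str:
    """Vulnerable pattern: a bare join lets '../' components walk out of EXPORT_DIR."""
    return posixpath.join(EXPORT_DIR, user_name)


def safe_resolve(user_name: str, base: str = EXPORT_DIR) -> str:
    """Return the on-disk path for user_name, or raise ValueError if it would leave base.

    The check is done on the normalised path (after '..' is collapsed) and uses
    commonpath rather than a string prefix test, so '/var/export/showtech-old/x'
    does not pass as being inside '/var/export/showtech'.
    """
    # Decode once so percent-encoded dots and slashes are validated in decoded form.
    name = unquote(user_name)
    if not name or "\x00" in name:
        raise ValueError("empty or malformed file name")
    # Absolute names would make posixpath.join discard the base entirely.
    if name.startswith("/"):
        raise ValueError("absolute paths are not allowed")
    candidate = posixpath.normpath(posixpath.join(base, name))
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        raise ValueError("path escapes export directory")
    return candidate
```

The decode step matters because frameworks often hand the handler an already-decoded value; validating the raw string would let a single encoded `..` through. The `candidate == base` test also refuses names that normalise to the directory itself.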
💻 Affected Systems
- A10 Thunder ADC
📦 What is this software?
Advanced Core Operating System by A10networks
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive configuration files, credentials, or system files, leading to complete system compromise or lateral movement within the network.
Likely Case
Information disclosure of configuration files, logs, or other sensitive data stored on the ADC appliance.
If Mitigated
Limited impact with proper network segmentation and strict access controls limiting authenticated user access.
🎯 Exploit Status
Exploitation requires valid user credentials, but once authenticated the directory traversal itself is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ACOS 6.2.4-p1 and later
Vendor Advisory: https://support.a10networks.com/support/security_advisory/a10-acos-file-access-vulnerability/
Restart Required: Yes
Instructions:
1. Download ACOS 6.2.4-p1 or later from the A10 support portal.
2. Back up the current configuration.
3. Apply the firmware update following A10's upgrade procedures.
4. Reboot the ADC appliance.
5. Verify the update was successful.
🔧 Temporary Workarounds
Restrict User Access
Limit administrative user accounts to trusted personnel only and implement strong authentication controls.
Network Segmentation
Isolate ADC management interfaces from untrusted networks and implement strict firewall rules.
🧯 If You Can't Patch
- Implement strict access controls and limit ADC management interface exposure
- Monitor for unusual file access patterns and implement enhanced logging
🔍 How to Verify
Check if Vulnerable:
Run 'show version' on the ACOS CLI; the appliance is vulnerable if the reported version is below 6.2.4-p1.
Check Version:
show version
Verify Fix Applied:
After patching, run 'show version' again and confirm the reported version is 6.2.4-p1 or higher.
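For fleets of appliances it helps to compare the reported version mechanically rather than by eye, because a bare 6.2.4 sorts below 6.2.4-p1 only if the patch suffix is handled. The following Python helper is an added example, not a tool from A10 or from this advisory; the sample 'show version' output is constructed and the exact wording of the real command's output is an assumption.

```python
import re
from typing import Optional, Tuple

# Fixed version as stated in the advisory: ACOS 6.2.4-p1 and later.
FIXED_VERSION = (6, 2, 4, 1)

# Matches x.y.z with an optional -pN patch suffix (case-insensitive 'p').
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-[pP](\d+))?\b")


def parse_acos_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract the first x.y.z[-pN] token from CLI output as a comparable tuple.

    A release without a -p suffix is treated as patch level 0, so
    6.2.4 < 6.2.4-p1 < 6.2.5 under plain tuple comparison.
    """
    match = VERSION_RE.search(text)
    if not match:
        return None
    major, minor, build, patch = match.groups()
    return (int(major), int(minor), int(build), int(patch or 0))


def is_fixed(show_version_output: str) -> bool:
    """True when the reported ACOS version is 6.2.4-p1 or later."""
    version = parse_acos_version(show_version_output)
    return version is not None and version >= FIXED_VERSION


# Constructed sample output; the line layout is assumed, not copied from an appliance.
SAMPLE_OUTPUT_OLD = "Thunder ADC\nACOS version 6.2.4, build 52\n"
SAMPLE_OUTPUT_NEW = "Thunder ADC\nACOS version 6.2.4-p1, build 58\n"

if __name__ == "__main__":
    for label, out in (("old", SAMPLE_OUTPUT_OLD), ("new", SAMPLE_OUTPUT_NEW)):
        print(label, parse_acos_version(out), "fixed" if is_fixed(out) else "VULNERABLE")
```

The comparison encodes only what this page states (6.2.4-p1 and later); whether other release branches received their own fixed builds is a question for the vendor advisory linked above. If the real output carries several dotted version tokens, anchor the regex on the ACOS line before trusting the first match.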
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in ADC logs
- Multiple failed authentication attempts followed by successful login and file access
Network Indicators:
- Unusual traffic patterns to ADC management interface
- Requests with directory traversal patterns (../ sequences)
SIEM Query:
source="a10-adc" AND (event_type="file_access" OR uri="*../*")
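A literal `*../*` match like the query above misses percent-encoded and double-encoded traversal sequences, so the request-level check is worth doing after decoding. The following Python detector is an added example written for this page, not A10's or any SIEM vendor's logic; the log lines are constructed and their `key=value` layout is an assumption about the appliance's log format.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample log lines (hypothetical field layout, not A10's real format).
SAMPLE_LOGS = [
    "2023-10-05T10:01:02Z a10-adc src=10.10.5.20 user=admin uri=/gui/showtech/download?file=report.tgz status=200",
    "2023-10-05T10:01:09Z a10-adc src=10.10.5.20 user=admin uri=/gui/showtech/download?file=../../etc/hosts status=200",
    "2023-10-05T10:01:15Z a10-adc src=198.51.100.7 user=ops uri=/gui/showtech/download?file=%2e%2e%2f%2e%2e%2fetc%2fhosts status=200",
    "2023-10-05T10:01:20Z a10-adc src=198.51.100.7 user=ops uri=/gui/showtech/download?file=%252e%252e%252fconfig status=200",
    "2023-10-05T10:02:00Z a10-adc src=10.10.5.21 user=audit uri=/gui/dashboard status=200",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")
# A '..' segment that starts the value or follows a path/query delimiter and is
# followed by a slash or the end of the string; checked after decoding.
TRAVERSAL_RE = re.compile(r"(?:^|[/=?&;])\.\.(?:/|$)")


def normalise_uri(uri: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so single- and double-encoded '..' become visible,
    and fold backslashes to forward slashes."""
    decoded = uri
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def has_traversal(uri: str) -> bool:
    return TRAVERSAL_RE.search(normalise_uri(uri)) is not None


def parse_line(line: str) -> Dict[str, str]:
    """Turn the key=value fields of one log line into a dict."""
    return dict(FIELD_RE.findall(line))


def traversal_hits(lines: List[str]) -> List[Dict[str, str]]:
    """Return source, user and raw URI for every line whose URI carries a traversal sequence."""
    hits = []
    for line in lines:
        fields = parse_line(line)
        uri = fields.get("uri", "")
        if has_traversal(uri):
            hits.append({"src": fields.get("src", "?"), "user": fields.get("user", "?"), "uri": uri})
    return hits


if __name__ == "__main__":
    for hit in traversal_hits(SAMPLE_LOGS):
        print(hit)
```

Bounding the decode loop keeps a pathological input from spinning the detector, and decoding before matching is what catches the third and fourth sample lines, which the plain `*../*` wildcard would not. Successful (status 200) responses to such requests deserve the first look, since a rejected traversal attempt is noise by comparison.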
🔗 References
- https://support.a10networks.com/support/security_advisory/a10-acos-file-access-vulnerability/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1495/