Vulnerability Details : CVE-2014-3976
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-3976
Probability of exploitation activity in the next 30 days: 31.88%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3976
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-3976
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3976
-
http://www.securityfocus.com/bid/66588
A10 Networks ACOS Remote Buffer Overflow Vulnerability
-
http://www.quantumleap.it/a10-networks-remote-buffer-overflow-softax
A10 Networks remote Buffer Overflow - Quantum leapExploit
-
http://www.exploit-db.com/exploits/32702
A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC) - Hardware dos ExploitExploit
-
http://packetstormsecurity.com/files/125979/A10-Networks-ACOS-2.7.0-P2-Buffer-Overflow.html
A10 Networks ACOS 2.7.0-P2 Buffer Overflow ≈ Packet StormExploit
-
http://seclists.org/fulldisclosure/2014/Apr/16
Full Disclosure: [Quantum Leap Advisory] #QLA140402 - A10 Networks remote Buffer OverflowExploit
Products affected by CVE-2014-3976
- cpe:2.3:o:a10networks:advanced_core_operating_system:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:o:a10networks:advanced_core_operating_system:2.7.1:*:*:*:*:*:*:*