A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.
The specific flaw exists within the ShowTechDownloadView class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account.
. Was ZDI-CAN-17899.
References
| Link | Resource |
|---|---|
| https://support.a10networks.com/support/security_advisory/a10-acos-file-access-vulnerability/ | Vendor Advisory Exploit |
| https://www.zerodayinitiative.com/advisories/ZDI-23-1495/ | Third Party Advisory |
| https://support.a10networks.com/support/security_advisory/a10-acos-file-access-vulnerability/ | Vendor Advisory Exploit |
| https://www.zerodayinitiative.com/advisories/ZDI-23-1495/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
18 Aug 2025, 15:31
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://support.a10networks.com/support/security_advisory/a10-acos-file-access-vulnerability/ - Vendor Advisory, Exploit | |
| References | () https://www.zerodayinitiative.com/advisories/ZDI-23-1495/ - Third Party Advisory | |
| First Time |
A10networks
A10networks thunder Application Delivery Controller A10networks advanced Core Operating System |
|
| CPE | cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p8:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p4:sp1:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p2:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p10:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p1:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p3:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p12:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p9:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p4:*:*:*:*:*:* cpe:2.3:h:a10networks:thunder_application_delivery_controller:-:*:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p11:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p2:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p5:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:-:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:*:*:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p3:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p8:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:-:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p6:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p6:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:gr1-p7:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p5:*:*:*:*:*:* cpe:2.3:o:a10networks:advanced_core_operating_system:5.2.1:p7:*:*:*:*:*:* |
Information
Published : 2024-05-03 03:15
Updated : 2025-08-18 15:31
NVD link : CVE-2023-42129
Mitre link : CVE-2023-42129
CVE.ORG link : CVE-2023-42129
JSON object : View
Products Affected
a10networks
- thunder_application_delivery_controller
- advanced_core_operating_system
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')