Patch Available for CVE-2014-8730 Padding Flaw

A10 Thunder ADC appliances running ACOS versions 2.7.2 P3 or earlier are susceptible to a TLS padding attack. The TLS padding flaw, identified as CVE-2014-8730, is a new variant of the POODLE vulnerability disclosed in October. The TLS padding flaw can be exploited remotely, allowing an attacker to decrypt sensitive data in the SSL connection.

Vulnerability Assessment
Affected Platforms: ADC
Affected Software Versions: 2.6.1-GR1, 2.7.x

Software Updates
A10 advises customers to apply software patches to mitigate this vulnerability. Patches for the CVE-2014-8730 padding flaw and the CVE-2014-3566 POODLE vulnerability and are available on the A10 Support Portal.

For more information, A10 customers may view the CVE-2014-8730 security advisory.

Add new comment