Patch Available for CVE-2014-8730 Padding Flaw

A10 PSIRT Team
September 23, 2016


A10 Thunder ADC appliances running ACOS versions 2.7.2 P3 or earlier are susceptible to a TLS padding attack. The TLS padding flaw, identified as CVE-2014-8730, is a new variant of the POODLE vulnerability disclosed in October. The TLS padding flaw can be exploited remotely, allowing an attacker to decrypt sensitive data in the SSL connection.

Vulnerability Assessment

Affected Platforms: ADC

Affected Software Versions: 2.6.1-GR1, 2.7.x

Software Updates

A10 advises customers to apply software patches to mitigate this vulnerability. Patches for the CVE-2014-8730 padding flaw and the CVE-2014-3566 POODLE vulnerability and are available on the A10 Support Portal.

For more information, A10 customers may view the CVE-2014-8730 security advisory.


A10 PSIRT Team
September 23, 2016

About A10 PSIRT Team

The A10 SERT Team is A10 Networks' Security Engineering Research Team. READ MORE

Seeing is believing.
Schedule a live demo today.

Get a Product Demo