Contact Download Trial China Japan
  • Solutions
    SEGMENTS
    TOPICS
    A10 ADVANTAGE

    FLEXPOOL SUBSCRIPTION

    PORTABLE SOFTWARE LICENSE FOR ANY INFRASTRUCTURE OR SERVICE

    See it in action
  • Products & Services
    Products
    Management
    Services

    FLEXPOOL SUBSCRIPTION

    PORTABLE SOFTWARE LICENSE FOR ANY INFRASTRUCTURE OR SERVICE

    See it in action
  • Resources
    Downloadable Assets
    Additional Resources
    Learning

    DDOS THREAT INTELLIGENCE MAP

    Visualize the global landscape of DDoS weapons in real-time

    SHOW ME THE MAP
  • Support
    Public Content
    Product Support Login

    CUSTOMER ADVOCACY PROGRAM

    Share your success story and win big

    Learn More
  • Partners
    Partners
    How to Buy

    THUNDER
® TPS

    The World’s Most Powerful DDoS Protection Solution

    Learn More
  • Company
    About Us
    News and Events

    THUNDER
® TPS

    The World’s Most Powerful DDoS Protection Solution

    Learn More
    • Download Trial
    HTML/CSS 

    Our team is here to help

    The role of the PSIRT team is to timely receive, assess and assist in handling vulnerabilities regarding A10 Networks’ products.

    HTML/CSS 
    for A10 customers

    If you have an urgent matter concerning production systems, contact support.

    Contact Support

    Security Advisories

    Security Advisory ID Publishedsort ascending Updated
    ACOS DNS Services and DNS Flag Day January 30, 2019 February 04, 2019
    Other CPU Side-Channel Vulnerabilities December 14, 2018 December 14, 2018
    Thunder – IPMI/LoM Vulnerabilities November 27, 2018 November 27, 2018
    WAF/SSLI – XML Vulnerabilities November 27, 2018 November 27, 2018
    SSH - CVE-2018-15473 October 11, 2018 October 11, 2018
    TLS-SSL - CVE-2016-2177 October 10, 2018 November 09, 2018
    EX Series - CVE-2017-13704, CVE-2017-14491 October 09, 2018 October 09, 2018
    SYSTEM - VULNERABILITIES #2 - ACOS 3.X, 4.X September 12, 2018 September 12, 2018
    NTP - CVE-2018-7184 September 12, 2018 September 12, 2018
    GUI - HSTS MISSING IN REDIRECT FROM GET ROOT September 12, 2018 September 12, 2018
    GUI/AXAPI - VULNERABILITIES #2 - ACOS 3.X, 4.X September 12, 2018 September 12, 2018
    TCP/IP - CVE-2018-5391 (FRAGMENTSMACK) August 19, 2018 September 10, 2018
    SYSTEM - CVE-2017-18017 August 19, 2018 August 19, 2018
    TCP/IP - CVE-2018-5390 (SEGMENTSMACK) August 19, 2018 August 19, 2018
    TLS-SSL - CVE-2016-2182 August 09, 2018 August 09, 2018
    TLS-SSL - CVE-2018-0739D August 09, 2018 August 09, 2018
    TLS-SSL - CVE-2016-6306 July 30, 2018 July 30, 2018
    TLS-SSL - CVE-2016-6302 July 29, 2018 July 29, 2018
    TLS - ROBOT VULNERABILITY FALSE-POSITIVES July 29, 2018 July 29, 2018
    ISAKMP-IKE - VPN DISABLED, UDP PORTS OPEN July 29, 2018 November 09, 2018
    SSH - CVE-2016-0777 July 22, 2018 July 22, 2018
    TLS-SSL - CVE-2016-2107 July 22, 2018 July 22, 2018
    THUNDER LOM/IPMI - CVE-2013-4786 July 22, 2018 July 22, 2018
    TLS-SSL - CVE-2018-0732 July 22, 2018 July 27, 2018
    TLS-SSL - CVE-2017-3735 July 22, 2018 July 22, 2018
    TLS-SSL - CVE-2017-3736/3737/3738 July 22, 2018 July 22, 2018
    MGMT ACLs Can Override MGMT Service Disable Commands July 19, 2018 September 24, 2018
    TLS-SSL - CVE-2017-3732, CVE-2016-7055 July 18, 2018 July 18, 2018
    WAF - SQL Injection Attack (SQLIA) Vulnerability July 18, 2018 July 23, 2018
    HTTPD - CVE-2017-3169, CVE-2017-7679 July 16, 2018 November 02, 2018
    SSH DH MODULUS <= 1024 BITS (LOGJAM) July 14, 2018 July 18, 2018
    TLS/SSL - CVE-2016-10213 July 12, 2018 July 12, 2018
    AUDIT LOG CLEAR - VULNERABILTY July 12, 2018 July 12, 2018
    SPECTRE/MELTDOWN VULNERABILITIES January 05, 2018 December 14, 2018
    Virtual Application Patch CVE-2017-9805 September 15, 2017 None
    NTP - CVE-2017-6462, CVE-2017-6451, CVE-2016-9042 August 10, 2017 None
    GUI - A10HELP XSS VULNERABILITY August 09, 2017 None
    SSH - SHA2 HMACS, CVE-2008-5161, WEAK MACS August 08, 2017 May 30, 2018
    ICMP - TIMESTAMP RESPONSE, CVE-1999-0524 August 08, 2017 None
    SSH - CVE-2016-3115, CVE-2010-5107 August 08, 2017 None
    SYSTEM - VULNERABILITIES #1 - ACOS 3.X, 4.X August 07, 2017 March 08, 2018
    GUI/AXAPI - VULNERABILITIES #1 - ACOS 3.X, 4.X August 04, 2017 April 05, 2018
    TLS/SSL - TLS 1.0 PROTOCOL SUPPORTED, CVE-2011-3389 August 03, 2017 March 07, 2018
    TLS/SSL - 3DES CIPHER SUPPORTED, CVE-2016-2183 August 02, 2017 March 07, 2018
    TLS/SSL - RC4 CIPHERS SUPPORTED, CVE-2013-2566, CVE-2015-2808 August 01, 2017 None
    TLS/SSL - DES AND IDEA CIPHERS SUPPORTED July 31, 2017 None
    SSH - CVE-2015-5600 July 28, 2017 None
    NTP - CVE-2016-7429, CVE-2016-7433 July 27, 2017 None
    TLS/SSL - CVE-2016-8610 July 25, 2017 None
    TLS/SSL - CVE-2016-6304 July 24, 2017 None
    #CVE-2016-2108 May 11, 2016 None
    #CVE-2015-7547 February 18, 2016 None
    #CVE-2015-7575 February 17, 2016 None
    #CVE-2016-0777 and CVE-2016-0778 January 18, 2016 None
    #CVE-2015-3195 December 03, 2015 None
    #CVE-2015-5307 and CVE-2015-8104 November 10, 2015 None
    #CVE-2015-7704, -7705, -7871 October 26, 2015 None
    #CVE-2015-5621 September 03, 2015 None
    CVE-2015-1793: OpenSSL Alternative chains certificate forgery July 09, 2015 None
    #CVE-2015-{1788, 1789, 1790, 1791 and 1792} June 18, 2015 None
    #CVE-2015-0290, CVE-2015-0291, CVE-2015-0204, CVE-2015-0286, CVE-2015-0292, CVE-2015-0209, CVE-2014-3571, CVE-2015-0206, CVE-2015-0207 March 08, 2015 April 18, 2018
    #CVE-2015-0235 February 02, 2015 None
    #CVE-2014-3571, 3569, 3572, 8275, 3570 and #CVE-2015-0204, 0205, 0206 January 08, 2015 None
    NTP (#CVE-2014-9293, #CVE-2014-9294, #CVE-2014-9295, #CVE-2014-9296) December 29, 2014 None
    #CVE-2014-8730 December 08, 2014 None
    Technical Support Advisory: Recommended SSL Templates for PFS (Perfect Forward Secrecy) Ciphers November 04, 2014 None
    #CVE-2014-3513 and CVE-2014-3567 October 15, 2014 None
    "POODLE" #CVE-2014-3566 October 14, 2014 November 03, 2014
    Shellshock Bash; Multiple #CVEs October 01, 2014 None
    A10 Vulnerability to "Shellshock Bash" #CVE-2014-6271 September 24, 2014 None
    OpenSSL Security Advisory June 05, 2014 None
    ACOS Buffer Overflow Vulnerability Issued by NCCIC/US Cert (CVE-2014-3976) April 09, 2014 None
    A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed) April 09, 2014 None
    HTML/CSS 

    How to report a product vulnerability

    A10 values submission of vulnerabilities by independent researchers and third parties.

    In order to process them in the most expedient way possible, follow these steps:

    1. Provide as much information as possible upfront and send an email to psirt@a10networks.com. If you feel the need to protect the information you can encrypt the information with our PGP key.
    2. Please ensure the report is as complete as possible and explains the specific setup and how was the vulnerability triggered.
    3. Also, if possible, it would be highly appreciated if you can submit “show tech” from that device or virtual appliance. If not, please provide “show version” or the version information about the software and hardware platform (unless it is a virtual machine).

    Report Vulnerability

    If you are an A10 customer, please, do not use this method of submission open a support case instead.

    HTML/CSS 

    PGP KEY DOWNLOAD

     
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Encryption Desktop 10.3.2 (Build 21165)

mQENBFo8D3ABCAC+rh9IPxRQfmIY3s3cC+jMzzCImprVhGJEZFnU2nHVXY5AYnxR
rh7D4SkGTGRSRhi60Q0+Dnpj0uM+2kx6saZMgYf7C/qzkU4a+Dw9jsdUAQRCCz95
3WZWggUA0iLtloY6hk13vTrkK8tnPnJiE7A3WwbfSCmkOCYYAHqVp07rRR5RBity
Lr3cAvJ861JEJyUHdTL1hC4wUr3wCwPNjGbNx4rhsYD95mCuGjon9NhBzZRDOOKV
ugvJ98qjAoOSvITlbOL/sOeSZ5X0WREpd1e6hGpdQRTfDcvqb5z6rDTvZzN9x7pk
giI4HrtPiaJLZudeZ9Vx1AFgddhegk22IphnABEBAAG0I1BTSVJULURMIDxwc2ly
dC1kbEBhMTBuZXR3b3Jrcy5jb20+iQF4BBABAgBiBQJaPA9wBQkBsw8AMBSAAAAA
ACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdwbWltZQgLCQgH
AwIBCgIZAQUbAwAAAAUWAAMCAQUeAQAAAAYVCAkKAwIACgkQxcmcr4MaCAHUOQf/
dzf52vFM0UG6nAvxcGeSS7AnBRGQRJfK18yiW8KUXgCGTQmjvHPL96hteXszVTH5
/iWaj8+P91Vc80m4ug652DdHkjE3cbgkeW8QBTONE//Uqp5WQFxCIwyrqoE6EE0m
O8V6c3u5i8BoQWEkcV+qgMb4oTG14jfwXCimP4dS6ozd6mkxBYbq7rdXMbu4ID1g
oxgDhK4j13FtDrhGcYK6HjV10TXjTVKbWAGHOhy6cu+sNHtdOnAi5Q8JErBAWxyF
e/RbYG9ocoMpY8W/7pOq2N+9GShyNat/nAj2FxMjTV9UMcwQVEQO9pSA0u757rso
KRT3oWTCIG9fGA1aLBEBbLkBDQRaPA9xAQgA1OS5zgHppqW2cb1+lRTyVgWOjuGw
tzgVFxJKNJUQsBKRiXZWqhFXh9R6lgDCnVKsodVNiW4YSnGOW1bo9bLNScPwXZ9K
00riiHNrnxWRs1QmWh9dnXBbbGk2MG/p7meAJOIQly/OUrm3b/x/Ojdmv2YBIeZj
mTVHM9QVNFrdbc8kSCq9M/IHgOHeeibJQreGWPuf4mOQA/OUaOoCNWbf+vDhtAo0
leiOEXoffJzPQny4sUEVaIAPz6lsixOsrf3CRC3JutOTgDS4qtRFwP0RUn0hASDA
epeYhwVEnoWon8RZsGtw8K0LVdw0TnSF8U3XtUaRokUqHDtYfcPmLUeO/QARAQAB
iQJHBBgBAgExBQJaPA9yBQkBsw8ABRsMAAAAwF0gBBkBCAAGBQJaPA9xAAoJEHf3
xr9xgI7ogg8IAJsfAB5vJ9lVAYGz9uJmT03dLqsbTJdLNJgFeEKr8o50ByRU4ZvL
v9ZKMMUR0WrV4YEj5GfD1bY2AeP3kLx00MP3IdBYvR9ciITk4ZYm9bGwhNPxSPc1
GeZ7nb6rf3fn9uDc1EIQYRG5yXa3dbBS3zSOjVbETtM1iW5Wh1sDSamQW2G59MVs
V5L5UypkRx+choTI5xaH1OgTFRBREYHdSfz/6c/9nZno1qBWZGQVigcqHgZns9dp
dALe7Bs0kFQqb1amGUUQLBtazel/hPn8DrYsdi2mpyRbV1MXeK8OU9uDWP6LZoaF
lJHiA7T91rgJtHMRKmVDBbntP2GJ8TJSMEUACgkQxcmcr4MaCAGQHwgAt/8GAs5H
qnIeH/rguGoUojnEhNskzeWbLJlWXV6i1lGse5Uc/6Ckp5j1wiKu9V/AFdSHrx4l
9v8L4djY9gslmJy62NtkfeAJrKfNyngm1quXeRMcBcpj+sdWt+1pzxGDVu0XSbS9
ivgc3dE5/IqusnArwa185/XtCzNg2xqkAlvRM+Bj7MBwb8rbYnT41cZG6oNZrX1p
7+ZPLBCZBwkUPbMdvBBPtIpduvcHwsQA39pUHdcMvDrtGlyDDwrPmpHsutpbpyxm
/XKQf1q6omogRLdBNkYqf/YDBFKO0ilj8NE8n1U+DgjpkmKnRNpDExzEbTazHe8T
S+GSNBvMvpGBAw==
=Nqhb
-----END PGP PUBLIC KEY BLOCK-----

    SEGMENTS

      A10 ADVANTAGE

        Products & Services