Incorrect Permission Assignment Local Privilege Escalation Vulnerability

CVE-2024-30369

7.8HIGH

Key Information

Vendor: A10
Status: Thunder Adc
Vendor: CVE Published:; 6 June 2024

Summary

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.

Affected Version(s)

Thunder ADC = 6.0.2, build 68

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 7.8 - (HIGH)
Jun 6, 2024
Vulnerability published.
Jun 6, 2024
Vulnerability Reserved.
Mar 26, 2024

Collectors

NVD DatabaseMitre Database