CVE-2023-42130 in Thunder ADC
Summary
by MITRE • 05/03/2024
A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.
The specific flaw exists within the FileMgmtExport class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to read and delete files in the context of the service account. Was ZDI-CAN-17905.
Analysis
by VulDB Data Team • 08/18/2025
The CVE-2023-42130 vulnerability represents a critical directory traversal flaw within A10 Thunder ADC appliances that enables authenticated remote attackers to perform arbitrary file read and deletion operations. This vulnerability specifically affects the FileMgmtExport class functionality, which handles file management operations within the application. The flaw stems from inadequate input validation mechanisms that fail to properly sanitize user-supplied paths before executing file system operations. The vulnerability impacts systems running affected versions of A10 Thunder ADC software where the FileMgmtExport feature is enabled, making it a significant concern for organizations relying on these network appliances for load balancing and application delivery services.
The technical implementation of this vulnerability demonstrates a classic path traversal attack vector where the application processes user-provided file paths without adequate sanitization or validation checks. When the FileMgmtExport class receives input containing directory traversal sequences such as ../ or ..\, it fails to validate these paths against a whitelist of acceptable directories or perform proper normalization of the file paths. This allows attackers to navigate outside the intended file system boundaries and access files that should remain restricted. The vulnerability operates at the application layer and can be exploited through the web interface or API endpoints that utilize the FileMgmtExport functionality, making it particularly dangerous as it requires minimal privileges beyond authentication.
From an operational impact perspective, this vulnerability poses severe risks to organizations using A10 Thunder ADC appliances as it enables attackers with valid credentials to access sensitive system files, configuration data, and potentially user information stored on the appliance. The ability to delete arbitrary files introduces additional risk beyond mere information disclosure, as attackers could potentially disrupt service operations by removing critical system components or configuration files. The vulnerability operates with the privileges of the service account under which the ADC appliance runs, which typically has elevated permissions within the system environment. This could potentially allow attackers to escalate their privileges or cause denial of service conditions that impact critical network infrastructure.
Organizations should implement immediate mitigations including applying the vendor-provided security patches and updates released to address this vulnerability. Network segmentation and access controls should be strengthened to limit the number of users with administrative privileges to the ADC appliances. Additionally, implementing proper input validation and sanitization mechanisms within the application code can help prevent similar issues from occurring in the future. This vulnerability aligns with CWE-22 Directory Traversal and CWE-77 Path Traversal, both of which are categorized under the OWASP Top Ten as critical security risks. The attack pattern also corresponds to ATT&CK technique T1059 Command and Scripting Interpreter, as exploitation may involve executing commands through the affected application interface. Regular security audits and penetration testing should be conducted to identify and remediate similar vulnerabilities in other network infrastructure components.
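The defect class described in the analysis above (a user-supplied path joined onto an export directory without normalization or a containment check) and the input-validation mitigation recommended here can both be shown in a few lines. The following is an added, hypothetical example written for this page; it is not A10's FileMgmtExport code, and the export directory, function names and sample paths are constructed for illustration. The "before" function reproduces the unsafe pattern, and the hardened function resolves the path and confirms it stays under the export root.

```python
"""Path-validation defect class behind CVE-2023-42130, illustrated.

Hypothetical example, not A10's FileMgmtExport implementation. The export
root (/srv/export), function names and sample inputs are constructed for
demonstration; the root does not need to exist for the checks to run.
"""
import os
from pathlib import Path, PurePosixPath


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the export directory."""


def vulnerable_export_path(export_root: str, user_path: str) -> str:
    """'Before' pattern: joins user input onto the export root with no check.

    os.path.join discards export_root entirely if user_path is absolute, and
    normpath happily collapses '../' segments, so the result can point at any
    file the service account can reach.
    """
    return os.path.normpath(os.path.join(export_root, user_path))


def safe_export_path(export_root: str, user_path: str) -> Path:
    """Hardened pattern: reject bad characters, normalise, then confirm containment.

    Validation must run on the fully URL-decoded value; checking an encoded
    string for '../' is not sufficient. Backslashes are rejected outright
    because some platforms treat them as separators, and NUL bytes are
    rejected because they truncate paths in C-based file APIs.
    """
    if not user_path or "\\" in user_path or "\x00" in user_path:
        raise PathTraversalError("disallowed characters in path")
    if PurePosixPath(user_path).is_absolute():
        raise PathTraversalError("absolute paths are not permitted")

    root = Path(export_root).resolve()
    # resolve() collapses '..' and follows symlinks, so a link inside the
    # export tree that points elsewhere is caught by the containment test.
    candidate = (root / user_path).resolve()

    # Containment via the parent chain, not a string prefix test: a prefix
    # test would wrongly accept /srv/export-old as being inside /srv/export.
    if root not in candidate.parents:
        raise PathTraversalError(f"path escapes export root: {user_path!r}")
    return candidate


def is_contained(export_root: str, user_path: str) -> bool:
    """True if the hardened check accepts user_path, False if it is rejected."""
    try:
        safe_export_path(export_root, user_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed inputs showing the difference between the two patterns.
    samples = ["reports/2024.csv", "../../etc/passwd", "..\\..\\etc\\passwd",
               "/etc/passwd", "../export-old/x"]
    for s in samples:
        print(f"{s!r:28} vulnerable -> {vulnerable_export_path('/srv/export', s)!r:24} "
              f"hardened accepts: {is_contained('/srv/export', s)}")
```

The hardened function deliberately refuses the export root itself and anything that resolves above it, so only files strictly beneath the configured directory can be read or deleted. The same containment check should guard the deletion path as well as the read path, since the advisory notes both operations were reachable.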