Default Authentication Bypass in Artica Proxy's Rich Filemanager
CVE-2024-2055

9.8CRITICAL

Key Information:

Vendor: Artica Tech
Status: Artica Proxy
Vendor: CVE Published:; 5 March 2024

What is CVE-2024-2055?

The Rich Filemanager feature in Artica Proxy allows users to manage files through a web interface. However, when this feature is enabled, it does not require any authentication, posing significant security risks. Running under the context of the root user, unauthorized individuals may exploit this vulnerability to access, modify, or delete critical files on the system. This vulnerability highlights the importance of implementing proper authentication measures in web-based file management systems.

Affected Version(s)

Artica Proxy 4.50

Artica Proxy 4.40

References

https://korelogic.com/Resources/Advisories/KL-001-2024-00...

third-party-advisory

http://seclists.org/fulldisclosure/2024/Mar/13

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2024
Vulnerability Reserved
Mar 1, 2024

Credit

Jim Becher of KoreLogic, Inc.

Artica Tech

What is CVE-2024-2055?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit