exploitDog

CVE-2024-2055

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.

Ссылки

http://seclists.org/fulldisclosure/2024/Mar/13
Mailing List
Third Party Advisory
Exploit
https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt
Third Party Advisory
Exploit
http://seclists.org/fulldisclosure/2024/Mar/13
Mailing List
Third Party Advisory
Exploit
https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt
Third Party Advisory
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:articatech:artica_proxy:4.40.000000:*:*:*:*:*:*:*

cpe:2.3:a:articatech:artica_proxy:4.50.000000:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00068

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-288

Связанные уязвимости

GHSA-rfmj-78j3-h4xf

CVSS3: 9.8

github

почти 2 года назад

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.

EPSS

Процентиль: 21%

0.00068

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-288