cbcvebase.

Artica Tech Artica Proxy vulnerabilities

4 known vulnerabilities affecting artica_tech/artica_proxy.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH1

Vulnerabilities

Page 1 of 1
CVE-2024-2053P1HIGHCVSS 7.5ExploitedPoCv4.50v4.402024-03-21
CVE-2024-2053 [HIGH] CWE-23 CVE-2024-2053: The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by u The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypass
nvd
CVE-2024-2054P1CRITICALCVSS 9.8PoCv4.502024-03-21
CVE-2024-2054 [CRITICAL] CWE-502 CVE-2024-2054: The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by u The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
nvd
CVE-2024-2056P2CRITICALCVSS 9.8v4.502024-03-05
CVE-2024-2056 [CRITICAL] CWE-288 CVE-2024-2056: Services that are running and bound to the loopback interface on the Artica Proxy are accessible thr Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gv
nvd
CVE-2024-2055P2CRITICALCVSS 9.8v4.50v4.402024-03-05
CVE-2024-2055 [CRITICAL] CWE-288 CVE-2024-2055: The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management ca The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.
nvd
Artica Tech Artica Proxy vulnerabilities | cvebase