CVE-2024-2055 — CRITICAL (9.8)

Vulnerability Description

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Articatech	Artica Proxy	4.40.000000

Related Weaknesses (CWE)

CWE-552 CWE-288

References

http://seclists.org/fulldisclosure/2024/Mar/13Mailing ListThird Party AdvisoryExploit
https://korelogic.com/Resources/Advisories/KL-001-2024-003.txtThird Party AdvisoryExploit
http://seclists.org/fulldisclosure/2024/Mar/13Mailing ListThird Party AdvisoryExploit
https://korelogic.com/Resources/Advisories/KL-001-2024-003.txtThird Party AdvisoryExploit

FAQ

What is CVE-2024-2055?

CVE-2024-2055 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as ...

How severe is CVE-2024-2055?

CVE-2024-2055 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-2055?

Check the references section above for vendor advisories and patch information. Affected products include: Articatech Artica Proxy.