CVE-2019-7300

Published: Feb 1, 2019Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.

Affected (1)

Products: Articatech: Artica Proxy

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Articatech Artica Proxy	Version 3.06.200056

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://code610.blogspot.com/2019/01/rce-in-artica.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/c610/tmp/blob/master/aRtiCE.py

Source: cve@mitre.org

ExploitThird Party Advisory

https://code610.blogspot.com/2019/01/rce-in-artica.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/c610/tmp/blob/master/aRtiCE.py

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.