CVE-2024-2055

Published: Mar 5, 2024Modified: Jan 12, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.

Affected (2)

Products: Articatech: Artica Proxy

Articatech

1 product

Artica Proxy

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Articatech Artica Proxy	Version 4.40.000000
Articatech Artica Proxy	Version 4.50.000000

Related CWEs

CWE-288

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

CWE-552

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (4)

http://seclists.org/fulldisclosure/2024/Mar/13

Source: cve@takeonme.org

Mailing ListThird Party AdvisoryExploit

https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt

Source: cve@takeonme.org

Third Party AdvisoryExploit

http://seclists.org/fulldisclosure/2024/Mar/13

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party AdvisoryExploit

https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryExploit

Timeline

No history available yet.