CVE-2024-2053
Last modified
CVE-2024-2053 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. EPSS estimates a 44.58% chance of exploitation in the next 30 days.
Description
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Articatech | Artica Proxy | 4.40.000000 |
| Articatech | Artica Proxy | 4.50.000000 |
References
- http://seclists.org/fulldisclosure/2024/Mar/11Exploit, Mailing List
- https://korelogic.com/Resources/Advisories/KL-001-2024-001.txtExploit, Third Party Advisory
- http://seclists.org/fulldisclosure/2024/Mar/11Exploit, Mailing List
- https://korelogic.com/Resources/Advisories/KL-001-2024-001.txtExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-2053?
How severe is CVE-2024-2053?
How do I fix CVE-2024-2053?
Are you affected by CVE-2024-2053?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST