Vulnerability CVE-2019-7300


Published: 2019-02-01

Description:
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.

Type:
CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Articatech -> Artica proxy

References:
https://code610.blogspot.com/2019/01/rce-in-artica.html
https://github.com/c610/tmp/blob/master/aRtiCE.py
