Vulnerability CVE-2020-17505


Published: 2020-08-12

Description:
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

See advisories in our WLB2 database:
Topic
Author
Date
High
Artica Proxy 4.30.000000 Authentication Bypass / Command Injection
Redouane Nibouch...
24.09.2020

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Articatech -> Web proxy 

 References:
https://blog.max0x4141.com/post/artica_proxy/

Copyright 2021, cxsecurity.com

 

Back to Top