The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.
When the "Rich Filemanager" function is enabled, the web interface for file management is accessible to anyone without authentication (CWE-288 — missing authentication mechanism). Additionally, the process runs in the context of the root account, and system files are accessible through it without any permission restrictions (CWE-552 — unprotected file access). A remote attacker, without any credentials, can read, modify, and delete any files on the server.
An unauthenticated remote attacker gains full access to the file system with root privileges, enabling sensitive data theft, configuration modification, malicious code upload, and complete server compromise.
Disable the "Rich Filemanager" function if not required and apply patches available from the vendor according to the references. It is also recommended to restrict access to the Artica Proxy management interface via firewall to trusted IP addresses only.
Artica Proxy (Articatech) with the "Rich Filemanager" function enabled — specific versions indicated in the vendor's references and in KoreLogic's KL-001-2024-003 advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArticatech Artica Proxy
APPArticatech4.40.0000004.50.000000
Related vulnerabilities
RCE przez deserializację PHP w Artica Proxy — nieuwierzytelniony dostęp
Artica Proxy: dostęp do usług loopback przez serwis proxy (tailon RCE)
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS comm...
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server dom...
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a ...