Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
The 'tailon' service is running as root and listening on TCP port 7050 assigned to the loopback interface, which would normally restrict access to local processes only. However, the proxy mechanism in Artica Proxy incorrectly exposes loopback-associated services to remote clients, effectively bypassing this security control. The vulnerability is classified as CWE-288 (authentication bypass by alternative path) and CWE-552 (file access by external service). According to the documentation of the 'tailon' repository on GitHub, exposure of this service is associated with serious security issues.
An attacker without any authentication can read the contents of any file on the Artica Proxy device, including potentially files containing credentials, private keys, and other sensitive configuration information. Full root privileges of the 'tailon' service increase the risk of complete device takeover.
Apply patches available from the manufacturer according to the references provided. Additionally, it is recommended to implement firewall rules blocking external access to TCP port 7050 and review proxy configuration for exposure of loopback services.
Articatech Artica Proxy — versions indicated in the manufacturer's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArticatech Artica Proxy
APPArticatech4.50.000000
Related vulnerabilities
RCE przez deserializację PHP w Artica Proxy — nieuwierzytelniony dostęp
Artica Proxy: brak uwierzytelnienia w funkcji Rich Filemanager (dostęp root)
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS comm...
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server dom...
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a ...