CVE-2024-2054

Published: 21/03/2024 Updated: 21/03/2024

Vulnerability Summary

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

Exploits

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected ...
A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user ...
A Command Injection vulnerability in Artica Proxy appliance version 4.50 and 4.40 allows remote attackers to run arbitrary commands via unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code exec ...

Mailing Lists

KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Advisory ID: KL-001-2024-002
Publication Date: 20240305
Publication URL: korelogic.com/Resources/Advisories/KL-001-2024-002.txt
1. Vulnerability Details
Affected ...

Metasploit Modules

Artica Proxy Unauthenticated PHP Deserialization Vulnerability

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

msf > use exploit/linux/http/artica_proxy_unauth_rce_cve_2024_2054
msf exploit(artica_proxy_unauth_rce_cve_2024_2054) > show targets
    ...targets...
msf exploit(artica_proxy_unauth_rce_cve_2024_2054) > set TARGET <target-id>
msf exploit(artica_proxy_unauth_rce_cve_2024_2054) > show options
    ...show and set options...
msf exploit(artica_proxy_unauth_rce_cve_2024_2054) > exploit

Github Repositories