Artica Web Proxy 4.30 - OS Command Injection CVE-2020-17505

Severity
CVSSv3 Score: 8.8

Vulnerability description

Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Aug 12, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available