CVE-2024-2053 Scanner

Artica Proxy is a widely used administrative web application developed by Artica Tech. It is deployed primarily to facilitate network and content management in corporate environments, providing comprehensive proxy capabilities. System administrators use it to regulate, monitor, and secure web traffic efficiently. The software supports integration with various third-party applications for enhanced network security and management. Artica Proxy aims to deliver robust performance and detailed analytics to optimize network usage. Its user-friendly interface makes it a preferred choice for IT teams looking to enhance web security and management.

The vulnerability detected within Artica Proxy lies in the realm of Local File Inclusion (LFI). This allows unauthenticated users to supply arbitrary PHP objects to potentially execute code with high-level privileges. The flaw exists in version 4.50 and stems from improper handling and filtering of file requests. It could enable attackers to read and execute files on the server, leading to unauthorized access to sensitive data. Specifically, an endpoint in the web application can be exploited without requiring prior authentication. This type of vulnerability is critical as it undermines the security protocols established by the affected software.

Technical details about this vulnerability reveal a significant flaw in the endpoint '/images.listener.php' of Artica Proxy. Attackers can leverage this vulnerability by crafting malicious HTTP requests that exploit improper path handling. The 'uri' and 'mailattach' parameters are particularly susceptible, allowing malicious actors to perform directory traversals. Successful exploitation involves bypassing intended security checks to include and execute files present on the server. The vulnerability yields sensitive information such as root user data which can be accessed using specific crafted request patterns. This critical security gap necessitates prompt action to mitigate potential security threats.

If exploited, the Local File Inclusion vulnerability in Artica Proxy could have severe consequences. Malicious users could gain unauthorized access to sensitive files, resulting in data breaches and potential disclosure of confidential information. Furthermore, the flaw could be leveraged to execute arbitrary code, posing risks of further exploitation and system compromise. This not only affects the integrity of the server but also compromises any sensitive data stored within the network. Prolonged exposure could lead to significant financial and reputational damage for affected organizations.

REFERENCES

• https://github.com/0xMarcio/cve/blob/main/2024/CVE-2024-2053.md#cve-2024-2053
• https://seclists.org/fulldisclosure/2024/Mar/11
• https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt