The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
The Artica Proxy administration web application does not verify or filter input data before deserialization. An attacker can submit a crafted malicious PHP object without the need to possess any credentials. As a result of deserializing such an object, code is executed on the server side in the context of the 'www-data' system user.
An attacker gains the ability to execute arbitrary code remotely (RCE) on the server hosting Artica Proxy with the privileges of the 'www-data' user, which may lead to complete system takeover, data theft, or lateral movement in the network.
Patches available from the vendor should be applied according to the references. As a temporary measure, it is recommended to restrict access to the Artica Proxy administration panel exclusively to trusted IP addresses at the firewall level.
Artica Proxy by Articatech — versions indicated in vendor references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArticatech Artica Proxy
APPArticatech4.50.000000
Related vulnerabilities
Artica Proxy: dostęp do usług loopback przez serwis proxy (tailon RCE)
Artica Proxy: brak uwierzytelnienia w funkcji Rich Filemanager (dostęp root)
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS comm...
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server dom...
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a ...