← Zuruck zu CVEs

CVE-2024-2056

CRITICAL

9.8

Beschreibung

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht3/5/2024

Zuletzt geandert1/12/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

articatech:artica_proxy

Schwachen (CWE)

CWE-288CWE-552

Referenzen

http://seclists.org/fulldisclosure/2024/Mar/14(cve@takeonme.org)

https://github.com/gvalkov/tailon#security(cve@takeonme.org)

https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt(cve@takeonme.org)

http://seclists.org/fulldisclosure/2024/Mar/14(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/gvalkov/tailon#security(af854a3a-2127-422b-91ae-364da2661108)

https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.