Vulnerability Details : CVE-2020-17505
Public exploit exists!
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
Products affected by CVE-2020-17505
- cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-17505
96.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-17505
-
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
Disclosure Date: 2020-08-09First seen: 2020-09-21exploit/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injectionThis module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in virtual ap
CVSS scores for CVE-2020-17505
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-17505
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-17505
-
https://blog.max0x4141.com/post/artica_proxy/
Max's BlogExploit;Third Party Advisory
-
http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
Artica Proxy 4.30.000000 Authentication Bypass / Command Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to