Vulnerability Details : CVE-2020-17506
Public exploit exists!
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
Vulnerability category: Sql Injection
Products affected by CVE-2020-17506
- cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-17506
95.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-17506
-
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
Disclosure Date: 2020-08-09First seen: 2020-09-21exploit/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injectionThis module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in virtual ap
CVSS scores for CVE-2020-17506
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-17506
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-17506
-
https://blog.max0x4141.com/post/artica_proxy/
Max's BlogExploit;Third Party Advisory
-
http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html
Artica Proxy 4.3.0 Authentication Bypass ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
Artica Proxy 4.30.000000 Authentication Bypass / Command Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to