Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1

From: Heiko Feldhusen via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 19 Apr 2022 05:22:33 +0000
---------------------------------------------------------------


[Vulnerability Type]



Directory Traversal


---------------------------------------------------------------


[Additional Information]



Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare



Appliance Vendor/Manufacturer: ArticaTech



(https://www.articatech.com) Affected Version(s):



4.30.000000 <={SP273] Tested Version(s): 4.30.000000



{SP273] Vulnerability Type: Relative path traversal



{CWE-23], Improper Limitation of a Pathname to a restricted



Directory {CWE-22], {CWE 35], {CWE 36], {CAPEC-126] CVSS



v3.1 Risk Level: High CVSS v3.1 Risk Score: 8.1 CVSS v3.1



Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS



v3.0 Risk Level: High CVSS v3.0 Risk Score: 8.1 CVSS v3.0



Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS



v2.0 Risk Level: High CVSS v2.0 Base Score: 7.8 CVSS v2.0



Temporal Score: 6.1 CVSS v2.0 Vector:



CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N CVSS v2.0 Temporal Vector:



CVSS2#E:POC/RL:OF/RC:C Solution Status: Fixed in Version



4.30.000000 {SP273] Manufacturer Notification: 5th July



2021 Solution Date: 9th August 2021 Public Disclosure:



26.08.2021 CVE Reference: Author of Advisory: Heiko



Feldhusen, Rheinmetall Cyber Solutions GmbH


---------------------------------------------------------------


[Affected Component]



Web-Filtering Page


---------------------------------------------------------------


[Attack Type]



Remote


---------------------------------------------------------------


[Impact Information Disclosure]



true


---------------------------------------------------------------


[Attack Vectors]



simply using the url of the product within a



standard-browser


---------------------------------------------------------------


[Has vendor confirmed]



true


---------------------------------------------------------------


[Discoverer]



Heiko Feldhusen, Rheinmetall-Cyber-Solutions


---------------------------------------------------------------


[Reference]



https://seclists.org/fulldisclosure/2021/Sep/6<%20https:/seclists.org/fulldisclosure/2021/Sep/6>



http://articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000<%20http:/articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000>


---------------------------------------------------------------


[Vendor of Product]



Artica Tech


---------------------------------------------------------------


[Affected Product Code Base]



affected Versions: Artica Proxy VMWare Appliance



4.30.000000 <={SP273] fixed Artica Proxy VMWare Appliance



4.30.000000 >{SP273]


---------------------------------------------------------------



Directory Traversal vulnerability in Artica Proxy VMWare Appliance 4.30.000000 <=[SP273]. This vulnerability exists in 
the used cgi function, which is a built in part of the proxy.
Directory traversal vulnerability in Arctica Proxy 4.30.000000 from SP206 to SP255, via the filename parameter to 
/cgi-bin/main.cgi.


Mit freundlichen Grüßen / Yours Sincerely

Heiko Feldhusen
ISOC Engineer
Engineering

Rheinmetall Cyber Solutions GmbH
Mary-Somerville-Str. 14 · 28359 Bremen · Germany
Tel. / Phone

+49 (0) 421 8070 1025<tel:+4942180701025>

Heiko.Feldhusen@rheinmetall-cyber.solutions<mailto:Heiko.Feldhusen@rheinmetall-cyber.solutions>
www.rheinmetall-cyber.solutions
Think before you print!

[cid:image001.png@01D853BE.3C0BFD60]

Rheinmetall Cyber Solutions GmbH
Mary-Somerville-Str. 14, 28359 Bremen, Germany  Sitz der Gesellschaft: Bremen
Amtsgericht Bremen HRB 35895
Geschäftsführung/Executive Board:
Moritz Pichler, Jendrik Kreisel
This email may contain confidential information. If you are not the intended addressee, or if the information provided 
in this email including any attachments) is evidently not destined for you, kindly inform us promptly and delete the 
message received in error (including any attachments) by erasing it from all your computers and other storage devices 
or media and destroying any hard copies thereof. Any unauthorized processing, forwarding, disclosure, distribution, 
divulgation, storage, printout or other use of this message or its attachment is prohibited. If your system is infected 
or otherwise bugged by any virus that is carried by this email, we disclaim any liability whatsoever for the ensuing 
loss or damage unless caused by our intention or gross negligence.


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: