Full Disclosure mailing list archives
CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1
From: Heiko Feldhusen via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 19 Apr 2022 05:22:33 +0000
---------------------------------------------------------------
[Vulnerability Type]
Directory Traversal
---------------------------------------------------------------
[Additional Information]
Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare
Appliance Vendor/Manufacturer: ArticaTech
(https://www.articatech.com) Affected Version(s):
4.30.000000 <={SP273] Tested Version(s): 4.30.000000
{SP273] Vulnerability Type: Relative path traversal
{CWE-23], Improper Limitation of a Pathname to a restricted
Directory {CWE-22], {CWE 35], {CWE 36], {CAPEC-126] CVSS
v3.1 Risk Level: High CVSS v3.1 Risk Score: 8.1 CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS
v3.0 Risk Level: High CVSS v3.0 Risk Score: 8.1 CVSS v3.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS
v2.0 Risk Level: High CVSS v2.0 Base Score: 7.8 CVSS v2.0
Temporal Score: 6.1 CVSS v2.0 Vector:
CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N CVSS v2.0 Temporal Vector:
CVSS2#E:POC/RL:OF/RC:C Solution Status: Fixed in Version
4.30.000000 {SP273] Manufacturer Notification: 5th July
2021 Solution Date: 9th August 2021 Public Disclosure:
26.08.2021 CVE Reference: Author of Advisory: Heiko
Feldhusen, Rheinmetall Cyber Solutions GmbH
---------------------------------------------------------------
[Affected Component]
Web-Filtering Page
---------------------------------------------------------------
[Attack Type]
Remote
---------------------------------------------------------------
[Impact Information Disclosure]
true
---------------------------------------------------------------
[Attack Vectors]
simply using the url of the product within a
standard-browser
---------------------------------------------------------------
[Has vendor confirmed]
true
---------------------------------------------------------------
[Discoverer]
Heiko Feldhusen, Rheinmetall-Cyber-Solutions
---------------------------------------------------------------
[Reference]
https://seclists.org/fulldisclosure/2021/Sep/6<%20https:/seclists.org/fulldisclosure/2021/Sep/6>
http://articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000<%20http:/articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000>
---------------------------------------------------------------
[Vendor of Product]
Artica Tech
---------------------------------------------------------------
[Affected Product Code Base]
affected Versions: Artica Proxy VMWare Appliance
4.30.000000 <={SP273] fixed Artica Proxy VMWare Appliance
4.30.000000 >{SP273]
--------------------------------------------------------------- Directory Traversal vulnerability in Artica Proxy VMWare Appliance 4.30.000000 <=[SP273]. This vulnerability exists in the used cgi function, which is a built in part of the proxy. Directory traversal vulnerability in Arctica Proxy 4.30.000000 from SP206 to SP255, via the filename parameter to /cgi-bin/main.cgi. Mit freundlichen Grüßen / Yours Sincerely Heiko Feldhusen ISOC Engineer Engineering Rheinmetall Cyber Solutions GmbH Mary-Somerville-Str. 14 · 28359 Bremen · Germany Tel. / Phone +49 (0) 421 8070 1025<tel:+4942180701025> Heiko.Feldhusen@rheinmetall-cyber.solutions<mailto:Heiko.Feldhusen@rheinmetall-cyber.solutions> www.rheinmetall-cyber.solutions Think before you print! [cid:image001.png@01D853BE.3C0BFD60] Rheinmetall Cyber Solutions GmbH Mary-Somerville-Str. 14, 28359 Bremen, Germany Sitz der Gesellschaft: Bremen Amtsgericht Bremen HRB 35895 Geschäftsführung/Executive Board: Moritz Pichler, Jendrik Kreisel This email may contain confidential information. If you are not the intended addressee, or if the information provided in this email including any attachments) is evidently not destined for you, kindly inform us promptly and delete the message received in error (including any attachments) by erasing it from all your computers and other storage devices or media and destroying any hard copies thereof. Any unauthorized processing, forwarding, disclosure, distribution, divulgation, storage, printout or other use of this message or its attachment is prohibited. If your system is infected or otherwise bugged by any virus that is carried by this email, we disclaim any liability whatsoever for the ensuing loss or damage unless caused by our intention or gross negligence.
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1 Heiko Feldhusen via Fulldisclosure (Apr 22)