[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1
From: Heiko Feldhusen via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Date: Tue, 19 Apr 2022 05:22:33 +0000

---------------------------------------------------------------

> [Vulnerability Type]

>> Directory Traversal

---------------------------------------------------------------

> [Additional Information]

>> Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare

>> Appliance Vendor/Manufacturer: ArticaTech

>> (https://www.articatech.com) Affected Version(s):

>> 4.30.000000 <={SP273] Tested Version(s): 4.30.000000

>> {SP273] Vulnerability Type: Relative path traversal

>> {CWE-23], Improper Limitation of a Pathname to a restricted

>> Directory {CWE-22], {CWE 35], {CWE 36], {CAPEC-126] CVSS

>> v3.1 Risk Level: High CVSS v3.1 Risk Score: 8.1 CVSS v3.1

>> Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS

>> v3.0 Risk Level: High CVSS v3.0 Risk Score: 8.1 CVSS v3.0

>> Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS

>> v2.0 Risk Level: High CVSS v2.0 Base Score: 7.8 CVSS v2.0

>> Temporal Score: 6.1 CVSS v2.0 Vector:

>> CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N CVSS v2.0 Temporal Vector:

>> CVSS2#E:POC/RL:OF/RC:C Solution Status: Fixed in Version

>> 4.30.000000 {SP273] Manufacturer Notification: 5th July

>> 2021 Solution Date: 9th August 2021 Public Disclosure:

>> 26.08.2021 CVE Reference: Author of Advisory: Heiko

>> Feldhusen, Rheinmetall Cyber Solutions GmbH

---------------------------------------------------------------

> [Affected Component]

>> Web-Filtering Page

---------------------------------------------------------------

> [Attack Type]

>> Remote

---------------------------------------------------------------

> [Impact Information Disclosure]

>> true

---------------------------------------------------------------

> [Attack Vectors]

>> simply using the url of the product within a

>> standard-browser

---------------------------------------------------------------

> [Has vendor confirmed]

>> true

---------------------------------------------------------------

> [Discoverer]

>> Heiko Feldhusen, Rheinmetall-Cyber-Solutions

---------------------------------------------------------------

> [Reference]

>> https://seclists.org/fulldisclosure/2021/Sep/6<%20https:/seclists.org/fulldisclosure/2021/Sep/6>

>> http://articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000<%20http:/articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000>

---------------------------------------------------------------

> [Vendor of Product]

>> Artica Tech

---------------------------------------------------------------

> [Affected Product Code Base]

>> affected Versions: Artica Proxy VMWare Appliance

>> 4.30.000000 <={SP273] fixed Artica Proxy VMWare Appliance

>> 4.30.000000 >{SP273]

---------------------------------------------------------------



Directory Traversal vulnerability in Artica Proxy VMWare Appliance 4.30.000000 
<=[SP273]. This vulnerability exists in the used cgi function, which is a built 
in part of the proxy.
Directory traversal vulnerability in Arctica Proxy 4.30.000000 from SP206 to 
SP255, via the filename parameter to /cgi-bin/main.cgi.


Mit freundlichen Grüßen / Yours Sincerely

Heiko Feldhusen
ISOC Engineer
Engineering

Rheinmetall Cyber Solutions GmbH
Mary-Somerville-Str. 14 · 28359 Bremen · Germany
Tel. / Phone

+49 (0) 421 8070 1025<tel:+4942180701025>

Heiko.Feldhusen@rheinmetall-cyber.solutions<mailto:Heiko.Feldhusen@rheinmetall-cyber.solutions>
www.rheinmetall-cyber.solutions
Think before you print!

[cid:image001.png@01D853BE.3C0BFD60]

Rheinmetall Cyber Solutions GmbH
Mary-Somerville-Str. 14, 28359 Bremen, Germany  Sitz der Gesellschaft: Bremen
Amtsgericht Bremen HRB 35895
Geschäftsführung/Executive Board:
Moritz Pichler, Jendrik Kreisel
This email may contain confidential information. If you are not the intended 
addressee, or if the information provided in this email including any 
attachments) is evidently not destined for you, kindly inform us promptly and 
delete the message received in error (including any attachments) by erasing it 
from all your computers and other storage devices or media and destroying any 
hard copies thereof. Any unauthorized processing, forwarding, disclosure, 
distribution, divulgation, storage, printout or other use of this message or 
its attachment is prohibited. If your system is infected or otherwise bugged by 
any virus that is carried by this email, we disclaim any liability whatsoever 
for the ensuing loss or damage unless caused by our intention or gross 
negligence.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Prev by Date: [FD] Backdoor.Win32.GateHell.21 / Port Bounce Scan
Next by Date: [FD] [AIT-SA-20220208-01] SexyPolling SQL Injection
Previous by thread: [FD] Backdoor.Win32.GateHell.21 / Port Bounce Scan
Next by thread: [FD] [AIT-SA-20220208-01] SexyPolling SQL Injection
Index(es):
- Date
- Thread