[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1
From: Heiko Feldhusen via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2022-04-19 5:22:33
Message-ID: 886201bf94bd4685a300f82e830ab56e () rheinmetall-cyber ! solutions
[Download RAW message or body]
---------------------------------------------------------------
> [Vulnerability Type]
> > Directory Traversal
---------------------------------------------------------------
> [Additional Information]
> > Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare
> > Appliance Vendor/Manufacturer: ArticaTech
> > (https://www.articatech.com) Affected Version(s):
> > 4.30.000000 <={SP273] Tested Version(s): 4.30.000000
> > {SP273] Vulnerability Type: Relative path traversal
> > {CWE-23], Improper Limitation of a Pathname to a restricted
> > Directory {CWE-22], {CWE 35], {CWE 36], {CAPEC-126] CVSS
> > v3.1 Risk Level: High CVSS v3.1 Risk Score: 8.1 CVSS v3.1
> > Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS
> > v3.0 Risk Level: High CVSS v3.0 Risk Score: 8.1 CVSS v3.0
> > Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS
> > v2.0 Risk Level: High CVSS v2.0 Base Score: 7.8 CVSS v2.0
> > Temporal Score: 6.1 CVSS v2.0 Vector:
> > CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N CVSS v2.0 Temporal Vector:
> > CVSS2#E:POC/RL:OF/RC:C Solution Status: Fixed in Version
> > 4.30.000000 {SP273] Manufacturer Notification: 5th July
> > 2021 Solution Date: 9th August 2021 Public Disclosure:
> > 26.08.2021 CVE Reference: Author of Advisory: Heiko
> > Feldhusen, Rheinmetall Cyber Solutions GmbH
---------------------------------------------------------------
> [Affected Component]
> > Web-Filtering Page
---------------------------------------------------------------
> [Attack Type]
> > Remote
---------------------------------------------------------------
> [Impact Information Disclosure]
> > true
---------------------------------------------------------------
> [Attack Vectors]
> > simply using the url of the product within a
> > standard-browser
---------------------------------------------------------------
> [Has vendor confirmed]
> > true
---------------------------------------------------------------
> [Discoverer]
> > Heiko Feldhusen, Rheinmetall-Cyber-Solutions
---------------------------------------------------------------
> [Reference]
> > https://seclists.org/fulldisclosure/2021/Sep/6<%20https:/seclists.org/fulldisclosure/2021/Sep/6>
> >
> > http://articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000<%20http:/articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000>
> >
---------------------------------------------------------------
> [Vendor of Product]
> > Artica Tech
---------------------------------------------------------------
> [Affected Product Code Base]
> > affected Versions: Artica Proxy VMWare Appliance
> > 4.30.000000 <={SP273] fixed Artica Proxy VMWare Appliance
> > 4.30.000000 >{SP273]
---------------------------------------------------------------
Directory Traversal vulnerability in Artica Proxy VMWare Appliance 4.30.000000 <=[SP273]. This \
vulnerability exists in the used cgi function, which is a built in part of the proxy. Directory \
traversal vulnerability in Arctica Proxy 4.30.000000 from SP206 to SP255, via the filename \
parameter to /cgi-bin/main.cgi.
Mit freundlichen Grüßen / Yours Sincerely
Heiko Feldhusen
ISOC Engineer
Engineering
Rheinmetall Cyber Solutions GmbH
Mary-Somerville-Str. 14 · 28359 Bremen · Germany
Tel. / Phone
+49 (0) 421 8070 1025<tel:+4942180701025>
Heiko.Feldhusen@rheinmetall-cyber.solutions<mailto:Heiko.Feldhusen@rheinmetall-cyber.solutions>
www.rheinmetall-cyber.solutions
Think before you print!
[cid:image001.png@01D853BE.3C0BFD60]
Rheinmetall Cyber Solutions GmbH
Mary-Somerville-Str. 14, 28359 Bremen, Germany Sitz der Gesellschaft: Bremen
Amtsgericht Bremen HRB 35895
Geschäftsführung/Executive Board:
Moritz Pichler, Jendrik Kreisel
This email may contain confidential information. If you are not the intended addressee, or if \
the information provided in this email including any attachments) is evidently not destined for \
you, kindly inform us promptly and delete the message received in error (including any \
attachments) by erasing it from all your computers and other storage devices or media and \
destroying any hard copies thereof. Any unauthorized processing, forwarding, disclosure, \
distribution, divulgation, storage, printout or other use of this message or its attachment is \
prohibited. If your system is infected or otherwise bugged by any virus that is carried by this \
email, we disclaim any liability whatsoever for the ensuing loss or damage unless caused by our \
intention or gross negligence.
["image001.png" (image/png)]
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
--===============7845627980357952520==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic