PT-2020-12342 · Artica · Artica Proxy

Code16

Published

2020-03-22

Updated

2020-06-22

CVE-2020-10818

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Artica Proxy version 4.26

Description The issue allows remote command execution for an authenticated user via shell metacharacters in the hostname field. This can be exploited by including shell metacharacters in the "Modify the hostname" field.

Recommendations For Artica Proxy version 4.26, consider restricting access to the "Modify the hostname" field to prevent the inclusion of shell metacharacters until a patch is available. As a temporary workaround, validate and sanitize user input in the "Modify the hostname" field to prevent command execution.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-10818

Affected Products

Artica Proxy

PT-2020-12342 · Artica · Artica Proxy

CVE-2020-10818

Weakness Enumeration

Related Identifiers

Affected Products

References · 5