PT-2022-11299 · Unknown · Artica Proxy Vmware Appliance+1

Heiko Feldhusen

Published

2022-04-25

Updated

2022-05-04

CVE-2021-40680

CVSS v3.1

8.1

High

Vector

AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N

Name of the Vulnerable Software and Affected Versions Artica Proxy versions 4.30.000000 SP206 through SP255 Artica Proxy VMware appliance versions 4.30.000000 through SP273

Description The issue is related to a Directory Traversal vulnerability. It can be exploited via the filename parameter to the "/cgi-bin/main.cgi" API endpoint.

Recommendations For Artica Proxy versions 4.30.000000 SP206 through SP255, avoid using the filename parameter in the "/cgi-bin/main.cgi" endpoint until the issue is resolved. For Artica Proxy VMware appliance versions 4.30.000000 through SP273, restrict access to the "/cgi-bin/main.cgi" endpoint to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-40680

Affected Products

Artica Proxy

Artica Proxy Vmware Appliance

PT-2022-11299 · Unknown · Artica Proxy Vmware Appliance+1

CVE-2021-40680

Weakness Enumeration

Related Identifiers

Affected Products

References · 5