lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <886201bf94bd4685a300f82e830ab56e@rheinmetall-cyber.solutions>
Date: Tue, 19 Apr 2022 05:22:33 +0000
From: Heiko Feldhusen via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000
 <=[SP273] Rev.1

---------------------------------------------------------------

> [Vulnerability Type]

>> Directory Traversal

---------------------------------------------------------------

> [Additional Information]

>> Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare

>> Appliance Vendor/Manufacturer: ArticaTech

>> (https://www.articatech.com) Affected Version(s):

>> 4.30.000000 <={SP273] Tested Version(s): 4.30.000000

>> {SP273] Vulnerability Type: Relative path traversal

>> {CWE-23], Improper Limitation of a Pathname to a restricted

>> Directory {CWE-22], {CWE 35], {CWE 36], {CAPEC-126] CVSS

>> v3.1 Risk Level: High CVSS v3.1 Risk Score: 8.1 CVSS v3.1

>> Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS

>> v3.0 Risk Level: High CVSS v3.0 Risk Score: 8.1 CVSS v3.0

>> Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS

>> v2.0 Risk Level: High CVSS v2.0 Base Score: 7.8 CVSS v2.0

>> Temporal Score: 6.1 CVSS v2.0 Vector:

>> CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N CVSS v2.0 Temporal Vector:

>> CVSS2#E:POC/RL:OF/RC:C Solution Status: Fixed in Version

>> 4.30.000000 {SP273] Manufacturer Notification: 5th July

>> 2021 Solution Date: 9th August 2021 Public Disclosure:

>> 26.08.2021 CVE Reference: Author of Advisory: Heiko

>> Feldhusen, Rheinmetall Cyber Solutions GmbH

---------------------------------------------------------------

> [Affected Component]

>> Web-Filtering Page

---------------------------------------------------------------

> [Attack Type]

>> Remote

---------------------------------------------------------------

> [Impact Information Disclosure]

>> true

---------------------------------------------------------------

> [Attack Vectors]

>> simply using the url of the product within a

>> standard-browser

---------------------------------------------------------------

> [Has vendor confirmed]

>> true

---------------------------------------------------------------

> [Discoverer]

>> Heiko Feldhusen, Rheinmetall-Cyber-Solutions

---------------------------------------------------------------

> [Reference]

>> https://seclists.org/fulldisclosure/2021/Sep/6<%20https:/seclists.org/fulldisclosure/2021/Sep/6>

>> http://articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000<%20http:/articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000>

---------------------------------------------------------------

> [Vendor of Product]

>> Artica Tech

---------------------------------------------------------------

> [Affected Product Code Base]

>> affected Versions: Artica Proxy VMWare Appliance

>> 4.30.000000 <={SP273] fixed Artica Proxy VMWare Appliance

>> 4.30.000000 >{SP273]

---------------------------------------------------------------



Directory Traversal vulnerability in Artica Proxy VMWare Appliance 4.30.000000 <=[SP273]. This vulnerability exists in the used cgi function, which is a built in part of the proxy.
Directory traversal vulnerability in Arctica Proxy 4.30.000000 from SP206 to SP255, via the filename parameter to /cgi-bin/main.cgi.


Mit freundlichen Grüßen / Yours Sincerely

Heiko Feldhusen
ISOC Engineer
Engineering

Rheinmetall Cyber Solutions GmbH
Mary-Somerville-Str. 14 · 28359 Bremen · Germany
Tel. / Phone

+49 (0) 421 8070 1025<tel:+4942180701025>

Heiko.Feldhusen@...inmetall-cyber.solutions<mailto:Heiko.Feldhusen@...inmetall-cyber.solutions>
www.rheinmetall-cyber.solutions
Think before you print!

[cid:image001.png@...853BE.3C0BFD60]

Rheinmetall Cyber Solutions GmbH
Mary-Somerville-Str. 14, 28359 Bremen, Germany  Sitz der Gesellschaft: Bremen
Amtsgericht Bremen HRB 35895
Geschäftsführung/Executive Board:
Moritz Pichler, Jendrik Kreisel
This email may contain confidential information. If you are not the intended addressee, or if the information provided in this email including any attachments) is evidently not destined for you, kindly inform us promptly and delete the message received in error (including any attachments) by erasing it from all your computers and other storage devices or media and destroying any hard copies thereof. Any unauthorized processing, forwarding, disclosure, distribution, divulgation, storage, printout or other use of this message or its attachment is prohibited. If your system is infected or otherwise bugged by any virus that is carried by this email, we disclaim any liability whatsoever for the ensuing loss or damage unless caused by our intention or gross negligence.

Download attachment "image001.png" of type "image/png" (4505 bytes)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ