CVE-2024-2056
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/03/2024
Last modified:
12/01/2026
Description
Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:articatech:artica_proxy:4.50.000000:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2024/Mar/14
- https://github.com/gvalkov/tailon#security
- https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt
- http://seclists.org/fulldisclosure/2024/Mar/14
- https://github.com/gvalkov/tailon#security
- https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt