cve/2024/CVE-2024-2055.md

### [CVE-2024-2055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2055)
![](https://img.shields.io/static/v1?label=Product&message=Artica%20Proxy&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%204.50%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen)

### Description

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.

### POC

#### Reference
- http://seclists.org/fulldisclosure/2024/Mar/13
- https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt

#### Github
No PoCs found on GitHub currently.