CVE-2024-2056

moderate-risk

Published 2024-03-05

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.

Do I need to act?

4.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Artica Proxy

Affected Vendors

Articatech

References (6)

Exploit http://seclists.org/fulldisclosure/2024/Mar/14

Not Applicable https://github.com/gvalkov/tailon#security

Exploit https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt

Exploit http://seclists.org/fulldisclosure/2024/Mar/14

Not Applicable https://github.com/gvalkov/tailon#security

Exploit https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 8/34 · Low

Exposure 5/34 · Minimal