Cyber Resilience

CVE-2024-2053

HighPublic PoC

Published: 21 March 2024

Published
21 March 2024
Modified
12 January 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.3654 97.2th percentile
Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-2053 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Articatech Artica Proxy. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

The vulnerability CVE-2024-2053 affects the Artica Proxy administrative web application, specifically version 4.50. It stems from the application's deserialization of arbitrary PHP objects supplied by unauthenticated users, which leads to code execution as the www-data user. The component also attempts to block local file inclusion, but these controls can be bypassed to permit arbitrary file requests returned under www-data privileges. The issue carries a CVSS 3.1 score of 7.5 reflecting network attack vector, low complexity, no required privileges or user interaction, and high confidentiality impact.

Unauthenticated remote attackers can supply malicious serialized objects or file paths directly to the administrative web interface. Successful exploitation grants the ability to execute code or read arbitrary files on the server with the privileges of the www-data account, enabling disclosure of sensitive configuration or data without authentication.

Public advisories published via KoreLogic and Seclists in March 2024 document the deserialization and path traversal flaws but do not detail available patches or configuration workarounds in the referenced materials.

The EPSS probability rose to a peak of 0.4086 before settling at the current value of 0.3654, indicating that exploitation interest increased after public disclosure.

EU & UK References

Vulnerability details

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to…

more

prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

articatech
artica proxy
4.40.000000, 4.50.000000

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References