Cyber Resilience

CVE-2024-2054

Critical · Public PoC · RCE

Published: 21 March 2024
Modified: 12 January 2026
KEV Added: not listed
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8777 (99.5th percentile)
Risk Priority: 72 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-2054 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Articatech Artica Proxy. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-2054 is a deserialization flaw in the Artica-Proxy administrative web application. The component accepts arbitrary serialized PHP objects from remote users without authentication and deserializes them, which results in code execution with the privileges of the www-data account. The issue carries a CVSS 3.1 base score of 9.8 and is tracked as CWE-502.

An unauthenticated attacker with network access can supply a malicious serialized object to the application and obtain arbitrary code execution, granting full control over confidentiality, integrity, and availability of the affected system.

Public advisories describing the flaw have been published at the referenced URLs, including a detailed KoreLogic report and Full Disclosure postings dated March 2024. The associated EPSS score stands at 0.8777 with no material change from its recorded peak.

Vulnerability details

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

CWE(s)

CWE-502: Deserialization of Untrusted Data

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: articatech
Product: artica proxy
Version: 4.50.000000

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-502: Penetration testing supplies malicious serialized objects, detecting unsafe deserialization and supporting corrective actions.

Addresses CWE-502: Evaluation of untrusted data handling (deserialization testing) reveals unsafe processing, which the required remediation process addresses.

Addresses CWE-502: Untrusted serialized data can be deserialized and observed inside a sandbox, blocking gadget-chain exploitation outside of it.

Addresses CWE-502: Validates or rejects untrusted serialized data before deserialization occurs.

Addresses CWE-502: Identifies and blocks malicious code introduced through deserialization of untrusted data at system boundaries.

Addresses CWE-502: Integrity verification of serialized information can detect tampering before deserialization occurs.

Addresses CWE-502: Provenance of associated data allows detection of untrusted sources before deserialization or processing occurs.
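Two of the controls above, validating or rejecting serialized data before deserialization and integrity-verifying it, can be combined in a single PHP wrapper. The code below is an added illustration written for this page; it is not Artica Proxy code and does not reflect how that application handles input. It assumes the server holds a secret key (the key string here is a constructed placeholder) and that the application only ever needs scalars and arrays back, so any object in the payload is treated as a rejection condition.

```php
<?php
// Added example (not from the Artica Proxy code base): accept serialized PHP
// data only when it carries a valid HMAC under a server-held key, and even
// then refuse to instantiate any object the payload may describe.

declare(strict_types=1);

const HMAC_ALGO = 'sha256';

/** Produce a signed envelope: hex HMAC, a dot, then the serialized payload. */
function sign_serialized(string $serialized, string $key): string
{
    return hash_hmac(HMAC_ALGO, $serialized, $key) . '.' . $serialized;
}

/** True if the decoded value is, or anywhere contains, an object. */
function contains_object(mixed $value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

/**
 * Verify and deserialize. Returns the decoded value, or null when the envelope
 * is malformed, the signature does not match, the payload is syntactically
 * invalid, or the payload encodes objects.
 */
function safe_unserialize(string $envelope, string $key): mixed
{
    // The hex MAC never contains a dot, so the first dot ends it even though
    // serialized payloads themselves may contain dots (floats, string bodies).
    $parts = explode('.', $envelope, 2);
    if (count($parts) !== 2) {
        return null;                                  // no signature present
    }
    [$mac, $serialized] = $parts;
    $expected = hash_hmac(HMAC_ALGO, $serialized, $key);
    if (!hash_equals($expected, $mac)) {              // constant-time compare
        return null;                                  // tampered or unsigned
    }
    // allowed_classes => false turns any O:/C: token into __PHP_Incomplete_Class
    // instead of instantiating the named class (no __wakeup/__destruct gadgets).
    $value = @unserialize($serialized, ['allowed_classes' => false]);
    if ($value === false && $serialized !== 'b:0;') {
        return null;                                  // syntactically invalid
    }
    if (contains_object($value)) {
        return null;                                  // objects are not expected
    }
    return $value;
}

// Constructed demonstration values; the key is a placeholder, not a real secret.
$key = 'example-key-do-not-use';

$good = sign_serialized(serialize(['user' => 'alice', 'role' => 'viewer']), $key);
var_dump(safe_unserialize($good, $key));               // array(2) { ... }

// Unsigned input is refused before unserialize() ever runs.
var_dump(safe_unserialize(serialize(['role' => 'admin']), $key));  // NULL

// A correctly signed payload that describes an object is still refused.
var_dump(safe_unserialize(sign_serialized('O:8:"stdClass":0:{}', $key), $key)); // NULL
```

The signature check runs first so that unserialize() is never reached for data the server did not itself produce; the allowed_classes option and the object scan are defence in depth for the case where a signing key is mishandled. Where the application can avoid PHP serialization altogether, exchanging JSON (json_decode with assoc = true) removes the object-instantiation surface entirely.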
