Cyber Resilience

CVE-2024-2056

CriticalPublic PoC

Published: 05 March 2024

Published
05 March 2024
Modified
12 January 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0492 89.8th percentile
Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-2056 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Articatech Artica Proxy. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 10.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-2056 affects the Artica Proxy, where services bound to the loopback interface remain reachable through the proxy itself. In particular the tailon service, which runs as root and listens on TCP port 7050, can be reached externally, exposing the ability to read the contents of arbitrary files on the system. The flaw is rated 9.8 under CVSS 3.1 and is associated with CWE-288 and CWE-552.

An unauthenticated remote attacker can route requests through the proxy to the locally bound tailon instance and retrieve any file present on the Artica Proxy host, resulting in full disclosure of sensitive data and potential follow-on integrity or availability impacts.

Public references, including a KoreLogic advisory and Full Disclosure postings, point to the documented security risks of exposing tailon without additional controls, as noted in the project's own repository. The EPSS score has remained low, with only a minor peak of 0.0562.

EU & UK References

Vulnerability details

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is…

more

listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

articatech
artica proxy
4.50.000000

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-288

Authorizing remote access reduces the ability to bypass authentication via unauthorized alternate remote channels.

addresses: CWE-552

Controls on authorized publication limit files and directories with nonpublic data from becoming accessible to external parties.

addresses: CWE-288

Users can identify logons via alternate paths or channels by reviewing the previous logon time.

addresses: CWE-552

Controlling and documenting P2P file sharing prevents files and directories from being made accessible to external parties for unauthorized distribution.

addresses: CWE-552

Identifying and documenting file and directory locations allows restriction of access to external parties.

addresses: CWE-552

Protecting backup files ensures they are not accessible to external parties or unauthorized spheres.

addresses: CWE-288

Adaptive requirements can apply across access paths, reducing the ability to bypass authentication via alternate channels or paths.

addresses: CWE-288

Centralized IdPs close alternate authentication paths that enable bypass.

References