Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation

Posted on 06 March 2024

The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.