CVE-2024-2055 – CVE-2024-2055 is an authentication bypass vulne... (How to Fix)

Q: What is the severity of CVE-2024-2055?

CVE-2024-2055 has a CVSS score of 9.8 (CRITICAL). CVE-2024-2055 is an authentication bypass vulnerability in Artica Proxy's Rich Filemanager feature that allows unauthenticated attackers to access the file management interface running with root privileges. This affects Artica Proxy installations with the Rich Filemanager feature enabled, which is vulnerable by default configuration.

📋 TL;DR

CVE-2024-2055 is an authentication bypass vulnerability in Artica Proxy's Rich Filemanager feature that allows unauthenticated attackers to access the file management interface running with root privileges. This affects Artica Proxy installations with the Rich Filemanager feature enabled, which is vulnerable by default configuration.

💻 Affected Systems

Products:

Artica Proxy

Versions: All versions with Rich Filemanager feature enabled

Operating Systems: Linux-based systems where Artica Proxy is installed

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists when Rich Filemanager feature is enabled; default installation may have this enabled.

📦 What is this software?

Artica Proxy by Articatech

View all CVEs affecting Artica Proxy →

Artica Proxy by Articatech

View all CVEs affecting Artica Proxy →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise: attackers gain root-level file system access, can read/modify/delete any file, install backdoors, or pivot to other systems.

🟠

Likely Case

Unauthorized file access and manipulation: attackers can view sensitive configuration files, steal credentials, or modify system files.

🟢

If Mitigated

Limited impact if authentication is enforced and feature is disabled or properly secured.

🌐 Internet-Facing: HIGH - Directly accessible web interface with no authentication required by default.

🏢 Internal Only: HIGH - Even internal attackers can exploit this without credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP request to the Rich Filemanager endpoint without authentication is sufficient for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available; apply workarounds and disable vulnerable feature.

🔧 Temporary Workarounds

Disable Rich Filemanager

linux

Completely disable the vulnerable Rich Filemanager feature in Artica Proxy configuration.

Edit Artica Proxy configuration to disable Rich Filemanager feature
Restart Artica Proxy service

Enable Authentication

linux

Configure authentication requirement for Rich Filemanager interface if it must remain enabled.

Configure authentication in Artica Proxy settings for Rich Filemanager

🧯 If You Can't Patch

Network segmentation: Isolate Artica Proxy from sensitive networks and systems
Access controls: Restrict network access to Artica Proxy using firewalls or ACLs

🔍 How to Verify

Check if Vulnerable:

Check if Rich Filemanager is accessible without authentication by accessing the web interface endpoint.

Check Version:

Check Artica Proxy version through web interface or configuration files

Verify Fix Applied:

Verify Rich Filemanager is either disabled or requires authentication to access.

📡 Detection & Monitoring

Log Indicators:

Unauthenticated access to Rich Filemanager endpoints
File operations from unauthenticated users

Network Indicators:

HTTP requests to Rich Filemanager paths without authentication headers

SIEM Query:

web_access AND (uri CONTAINS 'filemanager' OR uri CONTAINS 'richfilemanager') AND auth_status='failed' OR auth_status IS NULL

📊 Metadata

CVE ID: CVE-2024-2055

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-288

Published: March 5, 2024

Last Updated: January 12, 2026

🔗 References

http://seclists.org/fulldisclosure/2024/Mar/13 Mailing List,Third Party Advisory,Exploit
https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt Third Party Advisory,Exploit
http://seclists.org/fulldisclosure/2024/Mar/13 Mailing List,Third Party Advisory,Exploit
https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt Third Party Advisory,Exploit

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-2055, you might also want to check these: