What is CVE-2020-17505?

CVE-2020-17505 is a vulnerability in N/a. Published 2020-08-12.

Is CVE-2020-17505 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

EPSS: 0.896 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
Live-Hack-CVE/CVE-2020-17505
merlinepedra/nuclei-templates
merlinepedra25/nuclei-templates
sobinge/nuclei-templates

References

blog.max0x4141.com/post/artica_proxy/ (x_refsource_MISC)
packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-By… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-17505?: CVE-2020-17505 is a vulnerability in N/a. Published 2020-08-12.
Is CVE-2020-17505 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.