Unrated severity · NVD Advisory · Published Feb 1, 2019 · Updated Sep 16, 2024

CVE-2019-7300

Description

Artica Proxy 3.06.200056 allows an unauthenticated remote attacker to read LDAP credentials and then execute arbitrary commands as root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Artica Proxy version 3.06.200056 contains a vulnerability that exposes the LDAP administrator username and password in plaintext within the ressources/settings.inc file, which is readable without authentication [1][2]. An attacker can retrieve these credentials and then authenticate via logon.php [1]. Once logged in, the admin.index.php administrative interface includes a command-line field that executes commands with root privileges [1][2]. No special configuration is required beyond the default installation.

Exploitation

The attacker first accesses the ressources/settings.inc file over HTTP, which is world-readable and contains the ldap_admin and ldap_password fields [1][2]. Using these credentials, the attacker logs in at logon.php [1]. After successful authentication, the attacker navigates to admin.index.php and enters arbitrary operating system commands into the command-line input field [1][2]. The commands are immediately executed.

Impact

Successful exploitation yields a complete compromise of the affected Artica Proxy appliance. The attacker gains root-level command execution, enabling read, write, and delete access to all files on the system, installation of backdoors, and full control over the proxy service. Confidentiality, integrity, and availability are all severely impacted.

Mitigation

The vendor has not released a security advisory or patch as of the publication date [2]. Users should immediately change the LDAP admin password, restrict network access to the administrative web interface, and monitor the system for unusual activity. If possible, upgrade to a version that no longer exposes credentials or allows command execution by non-administrative roles. No KEV listing exists for this CVE.
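
The monitoring step can be made concrete by searching the appliance's web access logs for the request sequence this advisory describes. The following is an added example, not code from the advisory or from Artica; it assumes Apache/nginx "combined" log format and that one client IP performs all three steps, and the log lines are constructed sample data.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: access logs use the Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Paths named in the advisory, in the order the chain touches them.
STAGES = ("/ressources/settings.inc", "/logon.php", "/admin.index.php")

# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2019:10:00:01 +0000] "GET /ressources/settings.inc HTTP/1.1" 200 2311 "-" "client-a"
203.0.113.7 - - [01/Feb/2019:10:00:09 +0000] "POST /logon.php HTTP/1.1" 200 512 "-" "client-a"
203.0.113.7 - - [01/Feb/2019:10:00:15 +0000] "GET /admin.index.php HTTP/1.1" 200 9001 "-" "client-a"
198.51.100.4 - - [01/Feb/2019:10:02:00 +0000] "POST /logon.php HTTP/1.1" 200 512 "-" "browser"
198.51.100.4 - - [01/Feb/2019:10:02:03 +0000] "GET /admin.index.php HTTP/1.1" 200 9001 "-" "browser"
192.0.2.9 - - [01/Feb/2019:10:05:00 +0000] "GET /ressources/settings.inc?x=1 HTTP/1.1" 403 199 "-" "client-b"
192.0.2.50 - - [01/Feb/2019:10:06:00 +0000] "GET /ressources/settings.inc HTTP/1.1" 200 2311 "-" "client-c"
"""


def stage_of(method, target, status):
    """Return the chain stage (0-2) a request matches, or None."""
    path = unquote(urlsplit(target).path).lower()
    if path.endswith(STAGES[0]) and status == 200:
        return 0  # settings file was actually served: credentials exposed
    if path.endswith(STAGES[1]) and method == "POST":
        return 1  # login attempt
    if path.endswith(STAGES[2]) and status == 200:
        return 2  # administrative page reached
    return None


def find_chains(lines):
    """Map client IP -> furthest stage reached, in order, after a settings.inc read."""
    progress = {}
    for line in lines:
        m = LINE_RE.match(line)
        stage = stage_of(m["method"], m["target"], int(m["status"])) if m else None
        # Advance only on the next expected stage, so an ordinary admin login
        # with no prior settings.inc read is never flagged.
        if stage is not None and stage == progress.get(m["ip"], -1) + 1:
            progress[m["ip"]] = stage
    return progress
```

Any client at stage 0 means the LDAP password should be treated as disclosed and rotated; a client at stage 2 completed the full sequence and the host warrants incident response.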

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2
