CVE-2020-17506
CVE-2020-17506
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 94.0%KEV nãoPoC públicaNuclei simMetasploit simPatch —
Lifecycle
09 Aug 2020Metasploit module available
12 Aug 2020Published on NVD
13 Aug 2020Public PoC
Weaponization speed
same dayto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.htmlunverifiedcve_referencepacketstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48744unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.