CVE-2023-45685 Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers

2023-10-1616:08:25

CWE-22

rapid7

www.cve.org

cve-2023-45685

arbitrary file write

zip slip

titan mft

titan sftp

path validation

authenticated attacker

path traversal

windows

linux

filesystem

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

24.6%

JSON

Insufficient path validation when extracting a zip archive in South River Technologies’ Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Windows"
    ],
    "product": "Titan MFT",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Windows"
    ],
    "product": "Titan SFTP",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]