CVE-2023-45685

2023-10-1617:15:09

CWE-22

[email protected]

web.nvd.nist.gov

insufficient path validation

titan mft

titan sftp

authenticated attacker

file writing

path traversal

windows

linux

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

24.6%

JSON

Insufficient path validation when extracting a zip archive in South River Technologies’ Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

Affected configurations

Nvd

Node

southrivertechtitan_mft_serverRange<2.0.18linux

southrivertechtitan_mft_serverRange<2.0.18windows

Node

southrivertechtitan_sftp_serverRange<2.0.18linux

southrivertechtitan_sftp_serverRange<2.0.18windows

VendorProductVersionCPE
southrivertechtitan_mft_server*cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*
southrivertechtitan_mft_server*cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*
southrivertechtitan_sftp_server*cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*
southrivertechtitan_sftp_server*cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
southrivertech	titan_mft_server	*	cpe:2.3:a:southrivertech:titan_mft_server::::::linux::*
southrivertech	titan_mft_server	*	cpe:2.3:a:southrivertech:titan_mft_server::::::windows::*
southrivertech	titan_sftp_server	*	cpe:2.3:a:southrivertech:titan_sftp_server::::::linux::*
southrivertech	titan_sftp_server	*	cpe:2.3:a:southrivertech:titan_sftp_server::::::windows::*