CVE-2023-45688

Published: Oct 16, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command

Affected (2)

Products: Southrivertech: Titan Mft Server, Titan Sftp Server

Southrivertech

2 products

Titan Mft Server

Titan Sftp Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Southrivertech Titan Mft Server	Before 2.0.18

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Southrivertech Titan Sftp Server	Before 2.0.18

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690

Source: cve@rapid7.com

Vendor Advisory

https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

Source: cve@rapid7.com

ExploitThird Party Advisory

https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.