CVE-2023-45685

Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

La validación de ruta insuficiente al extraer un archivo zip en los servidores Titan MFT y Titan SFTP de South River Technologies en Windows y Linux permite a un atacante autenticado escribir un archivo en cualquier ubicación del sistema de archivos a través de un path traversal

*Credits: N/A

CVSS Scores

NISTv3.1 9.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-10-10 CVE Reserved
2023-10-16 CVE Published
2024-09-15 EPSS Updated
2024-09-16 CVE Updated
2024-09-16 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed	2024-09-16

URL	Date	SRC

URL	Date	SRC
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690	2023-10-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Southrivertech Search vendor "Southrivertech"		Titan Mft Server Search vendor "Southrivertech" for product "Titan Mft Server"				< 2.0.18 Search vendor "Southrivertech" for product "Titan Mft Server" and version " < 2.0.18"		linux		Affected
Southrivertech Search vendor "Southrivertech"		Titan Mft Server Search vendor "Southrivertech" for product "Titan Mft Server"				< 2.0.18 Search vendor "Southrivertech" for product "Titan Mft Server" and version " < 2.0.18"		windows		Affected
Southrivertech Search vendor "Southrivertech"		Titan Sftp Server Search vendor "Southrivertech" for product "Titan Sftp Server"				< 2.0.18 Search vendor "Southrivertech" for product "Titan Sftp Server" and version " < 2.0.18"		linux		Affected
Southrivertech Search vendor "Southrivertech"		Titan Sftp Server Search vendor "Southrivertech" for product "Titan Sftp Server"				< 2.0.18 Search vendor "Southrivertech" for product "Titan Sftp Server" and version " < 2.0.18"		windows		Affected