CVE-2023-45688
Information leak via path traversal in Titan MFT and Titan SFTP servers
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command
La falta de suficiente validaciĆ³n de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permite a un atacante autenticado obtener el tamaƱo de un archivo arbitrario en el sistema de archivos utilizando path traversal en el comando ftp "SIZE"
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-10 CVE Reserved
- 2023-10-16 CVE Published
- 2024-09-15 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed | 2024-09-16 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Southrivertech Search vendor "Southrivertech" | Titan Mft Server Search vendor "Southrivertech" for product "Titan Mft Server" | < 2.0.18 Search vendor "Southrivertech" for product "Titan Mft Server" and version " < 2.0.18" | linux |
Affected
| ||||||
| Southrivertech Search vendor "Southrivertech" | Titan Sftp Server Search vendor "Southrivertech" for product "Titan Sftp Server" | < 2.0.18 Search vendor "Southrivertech" for product "Titan Sftp Server" and version " < 2.0.18" | linux |
Affected
| ||||||