CVE-2023-45685

Summary

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

Affected Software

VendorProductVersion RangeStatus
South River TechnologiesTitan MFT0 <= 2.0.17.2298affected
South River TechnologiesTitan SFTP0 <= 2.0.17.2298affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References