Titan Ftp Server
CVE-2023-45690
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem
AnalysisAI
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem Affected products include: Southrivertech Titan Ftp Server, Southrivertech Titan Mft Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
More in Titan Ftp Server
View allAn issue was discovered in TitanFTP through 1.94.1205. Rated high severity (CVSS 8.8), this vulnerability is remotely ex
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. Rated medium severity (CV
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attacke
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attacke
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attacke
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today