CVE-2023-45685

Name of the Vulnerable Software and Affected Versions South River Technologies' Titan MFT and Titan SFTP servers (affected versions not specified)

Description The issue is related to insufficient path validation when extracting a zip archive, allowing an authenticated attacker to write a file to any location on the filesystem via path traversal. This can be exploited by a remote attacker to record files in arbitrary locations of the file system.

Recommendations For South River Technologies' Titan MFT and Titan SFTP servers, consider restricting access to the zip archive extraction functionality until a patch is available. As a temporary workaround, consider disabling the zip archive extraction feature to minimize the risk of exploitation. Avoid using the vulnerable path validation mechanism in the affected servers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.