PT-2022-3053 · Microsoft+1 · Sql Express 2019+1

Published: 2022-06-17 · Updated: 2023-08-08 · CVE-2022-34006

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Titan FTP Server NextGen versions prior to 1.2.1050

Description: The issue is related to errors during the installation of Microsoft SQL Express 2019, which allows an attacker to execute arbitrary commands with elevated privileges. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM.

Recommendations: For versions prior to 1.2.1050, as a temporary workaround, consider restricting access to the SQL instance running as SYSTEM to minimize the risk of exploitation. To fully resolve the issue, update to version 1.2.1050 or later, which corrects this vulnerability in new installations. However, note that the 1.2.1050 release does not correct this vulnerability in upgrade installations.
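A local audit of the setting the recommendations above refer to, added here as an example (it is not part of the advisory or of the vendor's guidance): it reports the engine's service account and the members of the sysadmin role, and can remove BUILTIN\Users from that role. The instance name is an assumed placeholder, and the script must run under an account that already holds sysadmin.

```powershell
# Added example, not from the advisory: audit a local SQL Server Express instance for the
# "BUILTIN\Users is sysadmin" condition and optionally remediate it.
# ASSUMPTIONS: $Instance is a placeholder; the caller already holds sysadmin.
param(
    [string]$Instance = 'localhost\SQLEXPRESS',   # assumed instance name, adjust to yours
    [switch]$Remediate                            # when set, drop BUILTIN\Users from sysadmin
)

$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$Instance;Integrated Security=True"
$conn.Open()

function Invoke-Query([string]$Sql) {
    # Run a SELECT and return the rows as a DataTable
    $cmd = $conn.CreateCommand(); $cmd.CommandText = $Sql
    $dt = New-Object System.Data.DataTable
    $dt.Load($cmd.ExecuteReader())
    return $dt
}

# 1. Which Windows account runs the engine? NT AUTHORITY\SYSTEM is the risky default here.
$svc = Invoke-Query "SELECT servicename, service_account FROM sys.dm_server_services WHERE servicename LIKE 'SQL Server (%'"
$svc | Format-Table -AutoSize

# 2. Who holds the sysadmin fixed server role?
$admins = Invoke-Query @"
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members rm
JOIN sys.server_principals r ON rm.role_principal_id = r.principal_id
JOIN sys.server_principals m ON rm.member_principal_id = m.principal_id
WHERE r.name = 'sysadmin'
"@
$admins | Format-Table -AutoSize

$exposed = $admins | Where-Object { $_.member_name -eq 'BUILTIN\Users' }
if ($exposed) {
    Write-Warning "BUILTIN\Users holds sysadmin on $Instance: any local user can act as the service account."
    if ($Remediate) {
        # Remove only the role membership; the login itself may stay for ordinary database access.
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'ALTER SERVER ROLE sysadmin DROP MEMBER [BUILTIN\Users]'
        [void]$cmd.ExecuteNonQuery()
        Write-Host "Removed BUILTIN\Users from sysadmin on $Instance"
    }
} else {
    Write-Host "BUILTIN\Users is not a sysadmin on $Instance"
}
$conn.Close()
```

Rerun after applying the vendor update as well, since the advisory notes that upgrade installations keep the original setting.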

Fix

Weakness Enumeration

Improper Privilege Management
OS Command Injection

Related Identifiers

BDU:2022-03722
CVE-2022-34006

Affected Products

Sql Express 2019
Titan Ftp Server Nextgen