CVE-2023-45688

Name of the Vulnerable Software and Affected Versions Titan MFT and Titan SFTP servers (affected versions not specified)

Description The issue is related to insufficient path validation in the Titan MFT and Titan SFTP servers, allowing an authenticated attacker to obtain the size of an arbitrary file on the filesystem. This can be achieved through path traversal in the ftp "SIZE" command.

Recommendations For Titan MFT and Titan SFTP servers, consider restricting access to the ftp "SIZE" command until a patch is available. As a temporary workaround, limit the ability of authenticated attackers to perform path traversal attacks by implementing additional validation on file paths. Avoid using the ftp "SIZE" command with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.