An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.
References
Link | Resource |
---|---|
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-19T20:25:49
Updated: 2022-06-22T15:20:53
Reserved: 2022-06-19T00:00:00
Link: CVE-2022-34006
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-19T21:15:07.937
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-34006
JSON object: View
Redhat Information
No data.
CWE