CVE-2023-45690 - OpenCVE

Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Southrivertech	Titan Mft Server Titan Ftp Server

Configuration 1 [-]

cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*

References

Link	Resource
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690	Vendor Advisory
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: rapid7

Published: 2023-10-16T16:20:52.656Z

Updated: 2023-10-16T16:20:52.656Z

Reserved: 2023-10-10T19:07:28.771Z

Link: CVE-2023-45690

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-16T17:15:10.310

Modified: 2023-10-24T16:45:38.280

Link: CVE-2023-45690

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6789AE7E-5499-4F33-954F-B051EF52C213", "versionEndIncluding": "2.0.16.2277", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*", "matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7", "versionEndExcluding": "2.0.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem"}, {"lang": "es", "value": "Los permisos de archivos predeterminados en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permiten que un usuario que se autentica en el sistema operativo lea archivos confidenciales en el sistema de archivos."}], "id": "CVE-2023-45690", "lastModified": "2023-10-24T16:45:38.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-16T17:15:10.310", "references": [{"source": "cve@rapid7.com", "tags": ["Vendor Advisory"], "url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "cve@rapid7.com", "type": "Secondary"}]}