Titan File Transfer Server Flaws Let Attackers Execute Remote Code

by Esmeralda McKenzie
Titan File Transfer Server Flaws Let Attackers Execute Remote Code

Titan File Transfer Server Flaws Let Attackers Execute Remote Code

Titan File Switch Server Flaws

More than one vulnerabilities had been show in Titan MFT and Titan SFTP servers owned by South River Technologies, which had been connected to Info Disclosure, Session Fixation, and Some distance-off code execution. Alternatively, these vulnerabilities had been mounted by South River Technologies.

Titan MFT and Titan SFTP are Managed File Switch (MFT) servers with Salvage File Switch (SFTP), providing scalability, high availability, failover, and clustering. Moreover, Titan MFT also includes load-balancing enhance, multi-server clustering and fail-over, and elevated file transfer speeds with top-line data compression.

CVE-2023-45685: Some distance-off Code Execution through “zip hump”

A possibility actor can exploit this vulnerability by uploading a ZIP file containing a filename such as ../../file that gets extracted delivery air the user’s home checklist attributable to the automatic extraction of ZIP recordsdata within the Titan MFT and Titan SFTP. The severity of this vulnerability is peaceable being analyzed.

Sage

FREE Webinar

Why API Security Must be Your High Priority

API safety isn’t lawful a priority; it’s the lifeline of companies and organizations. Yet, this interconnectivity brings with it an array of vulnerabilities which have a tendency to be concealed under the outside.

A success exploitation of this vulnerability can lead to overwriting /root/.ssh/authorized_keys with the possibility actor’s SSH key, that can even be worn to attain an interactive session and a total lot of alternative factors like new cron jobs, profile modification, and much more.

CVE-2023-45686: Some distance-off Code Execution through WebDAV Direction Traversal

This vulnerability can even be exploited by an authenticated possibility actor, which would possibly perhaps perhaps allow the writing of arbitrary recordsdata any place on the system by along side a ../ personality to the WebDAV URL. That is as a consequence of of the dearth of validation of the route specified within the WebDAV handler. The severity of this vulnerability is peaceable being analyzed.

There is a further prerequisite for this vulnerability, which contains enabling WebDAV by the administrator. This vulnerability handiest impacts the Linux model of Titan MFT.

CVE-2023-45687: Session Fixation on Some distance-off Administration Server

A possibility actor can exploit this vulnerability if the possibility actor is attentive to the SRTSession header rate that is worn when an administrator authenticates to the a long way off administration server’s API using an Authorization header. The severity of this vulnerability will seemingly be peaceable being analyzed.

If the possibility actor can steal a session token, the possibility actor can Rating a new user with an arbitrary home folder, log in to file-add services and products, add authorized_keys, and much more.

CVE-2023-45688: Info Disclosure through Direction Traversal on FTP

This vulnerability arises attributable to erroneous sanitization of route traversal within the SIZE expose on FTP, which is worn to secure the scale of any file on the file system. Alternatively, to milk this vulnerability, the possibility actor wants to be authenticated with an epic that will perhaps log in during the FTP protocol. The severity of this vulnerability is peaceable being analyzed.

CVE-2023-45689: Info Disclosure through Direction Traversal in Admin Interface

This vulnerability arises because the administrator uses the MxUtilFileAction mannequin to retrieve and delete recordsdata from any place on the file system by using the ../ commands of their route. That is a minor insist as directors fill already obtained entire access and entire dangle watch over over the system.

CVE-2023-45690: Info Leak through World-Readable Database + Logs

This vulnerability exists since password hashes appear in world-readable recordsdata, along side databases and log recordsdata, that can even be extracted by customers with low privileges and elevate their privileges with a root epic. Alternatively, as a prerequisite, the possibility actor have to fill shell access to the system to milk this vulnerability.

A entire file has been published by Rapid7, which presents rotund detailed data, source code, exploitation programs, msf console exploit codes, and much more.

Customers of Titan MFT and Titan SFTP are suggested to enhance to the most up-to-the-minute model to forestall these vulnerabilities from getting exploited.

Source credit : cybersecuritynews.com

Related Posts