CVE-2023-45687

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690	Vendor Advisory
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:southrivertech:titan_mft_server::::::linux::*
	cpe:2.3:a:southrivertech:titan_mft_server::::::windows::*

Configuration 2 (hide)

OR	cpe:2.3:a:southrivertech:titan_sftp_server::::::linux::*
	cpe:2.3:a:southrivertech:titan_sftp_server::::::windows::*

History

No history.

Information

Published : 2023-10-16 17:15

Updated : 2023-10-24 15:58

NVD link : CVE-2023-45687

Mitre link : CVE-2023-45687

CVE.ORG link : CVE-2023-45687

JSON object : View

Products Affected

southrivertech

titan_sftp_server
titan_mft_server

CWE

CWE-384

Session Fixation

{"id": "CVE-2023-45687", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-16T17:15:10.107", "references": [{"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690", "tags": ["Vendor Advisory"], "source": "cve@rapid7.com"}, {"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@rapid7.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}, {"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing"}, {"lang": "es", "value": "Una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux y Windows permite a un atacante eludir la autenticaci\u00f3n del servidor si puede enga\u00f1ar a un administrador para que autorice una identificaci\u00f3n de sesi\u00f3n de su elecci\u00f3n."}], "lastModified": "2023-10-24T15:58:30.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7", "versionEndExcluding": "2.0.18"}, {"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "2740E6FA-C5D8-465F-95A7-54F75421FD95", "versionEndExcluding": "2.0.18"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5", "versionEndExcluding": "2.0.18"}, {"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E6520883-8DE6-4682-8937-1E49573112EA", "versionEndExcluding": "2.0.18"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}