CVE-2023-45687

{"id": "CVE-2023-45687", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-16T17:15:10.107", "references": [{"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690", "tags": ["Vendor Advisory"], "source": "cve@rapid7.com"}, {"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@rapid7.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}, {"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing"}, {"lang": "es", "value": "Una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux y Windows permite a un atacante eludir la autenticaci\u00f3n del servidor si puede enga\u00f1ar a un administrador para que autorice una identificaci\u00f3n de sesi\u00f3n de su elecci\u00f3n."}], "lastModified": "2024-09-17T02:35:31.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7", "versionEndExcluding": "2.0.18"}, {"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "2740E6FA-C5D8-465F-95A7-54F75421FD95", "versionEndExcluding": "2.0.18"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5", "versionEndExcluding": "2.0.18"}, {"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E6520883-8DE6-4682-8937-1E49573112EA", "versionEndExcluding": "2.0.18"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}