CVE-2023-22629
Published 2023-02-14
Priority P269 · high · 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 12.32% (95.7th percentile)
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| southrivertech | titan_ftp_server | <= 1.94.1205 | — |
Detection & IOCs
yara: contains(raw, 'TitanFTP') AND compare_versions(version, '<= 1.94.1205')
- Detect vulnerable TitanFTP servers on TCP/21 by sending a hex probe (00000000) and matching the banner string 'TitanFTP' with version <= 1.94.1205.
- Extract the TitanFTP version from the banner using the regex 'TitanFTP ([0-9.]+)' to identify vulnerable instances.
- The Shodan query 'product:"Titan ftpd"' can be used to identify internet-exposed TitanFTP servers for proactive detection.
- Monitor authenticated FTP sessions for move-file requests where the newPath parameter contains path traversal sequences (e.g., '../') to detect exploitation attempts.
- The exploit chain involves a file upload followed by a move-file call with a traversal newPath; alert on authenticated users performing file moves to paths outside their home directory.
- Exploitation requires prior authentication; unauthenticated attackers cannot directly exploit this path traversal vulnerability.
- The vulnerability affects TitanFTP versions through 1.94.1205; the exploit PoC was tested against version 2.0.1.2102 on Windows Server 2022, indicating the issue persisted across multiple release branches.
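The two detection ideas above (banner version match, and flagging move-file calls whose newPath leaves the user's home) as an added Python example; this is not code from the page, TitanFTP or the Nuclei template. The log line format is a constructed, hypothetical one, since the page does not show real TitanFTP logs.

```python
import re
import posixpath
from typing import List, Optional, Tuple

# Banner regex given in the page's detection notes; version bound from the CVE record.
BANNER_RE = re.compile(r"TitanFTP ([0-9.]+)")
LAST_AFFECTED = "1.94.1205"


def version_from_banner(banner: str) -> Optional[str]:
    m = BANNER_RE.search(banner)
    return m.group(1) if m else None


def is_affected_version(version: str) -> bool:
    """Mirrors the page's rule compare_versions(version, '<= 1.94.1205').
    Note the PoC also worked on 2.0.1.2102, so treat 'not affected' as advisory."""
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return as_tuple(version) <= as_tuple(LAST_AFFECTED)


def escapes_home(home: str, new_path: str) -> bool:
    """True when newPath, resolved against the user's home, lands outside it.
    Backslashes are folded to '/' because TitanFTP runs on Windows; a drive-letter
    prefix (C:...) is treated as absolute."""
    home_n = posixpath.normpath(home.replace("\\", "/"))
    target = new_path.replace("\\", "/")
    if not (target.startswith("/") or re.match(r"^[A-Za-z]:", target)):
        target = posixpath.join(home_n, target)
    target_n = posixpath.normpath(target)
    return not (target_n == home_n or target_n.startswith(home_n.rstrip("/") + "/"))


# Constructed sample events in a hypothetical key=value format (not real server logs).
SAMPLE_LOG = [
    "user=alice home=/ftp/alice op=move-file newPath=reports/q1.csv",
    "user=bob home=/ftp/bob op=move-file newPath=../../Windows/Temp/x.exe",
    "user=bob home=/ftp/bob op=move-file newPath=docs/../../eve/x.txt",
    "user=carol home=/ftp/carol op=rename newPath=../x",
]
LOG_RE = re.compile(r"user=(\S+) home=(\S+) op=(\S+) newPath=(\S+)")


def flag_traversal_moves(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (user, newPath) for move-file events whose newPath escapes home."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group(3) == "move-file" and escapes_home(m.group(2), m.group(4)):
            hits.append((m.group(1), m.group(4)))
    return hits
```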
Exploit-DB
TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)
exploitdb · 2023-04-06 · CVSS 8.8
---
# Exploit Title: TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)
# Date: 02.14.2023
# Exploit Author: Andreas Finstad
# Vendor Homepage: https://titanftp.com/
# Version: < 2.0.1.2102
# Tested on: Windows 2022 Server
# CVE : CVE-2023-22629
Exploit and description here:
https://f20.be/blog/titanftp
Kind regards
Andreas Finstad
Nuclei
TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal
nuclei · CVSS 8.8
TitanFTP versions up to 1.94.1205 contain a path traversal vulnerability in the move-file function where the newPath parameter is improperly validated. An authenticated user can upload a file and then move it to any location on the server filesystem, potentially allowing arbitrary file placement and system compromise.
Template:
id: CVE-2023-22629
info:
  name: TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal
  author: pussycat0x
  severity: high
  description: |
    TitanFTP versions up to 1.94.1205 contain a path traversal vulnerability in the move-file function where the newPath parameter is improperly validated. An authenticated user can upload a file and then move it to any location on the server filesystem, potentially allowing arbitrary file placement and system compromise.
References:
- http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html
- https://f20.be/cves/titan-ftp-vulnerabilities
- https://titanftp.com
- https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf