1. Home
  2. CVE Database
  3. CVE-2022-34005
CRITICAL · 9.8

CVE-2022-34005

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance in...

Vulnerability Description

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SouthrivertechTitan Ftp Server Nextgen< 1.2.1050

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2022-34005?

CVE-2022-34005 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance in...

How severe is CVE-2022-34005?

CVE-2022-34005 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-34005?

Check the references section above for vendor advisories and patch information. Affected products include: Southrivertech Titan Ftp Server Nextgen.