Ateme TITAN File Server-Side Request Forgery Vulnerability Allowing Network Enumeration
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Ateme TITAN File version 3.9.12.4. This vulnerability allows authenticated attackers to bypass network restrictions by exploiting an unvalidated job callback URL parameter. The flaw enables the application to make HTTP, DNS, or file requests to arbitrary destinations, potentially leading to unauthorized enumeration of files, services, and network resources.
Impact
Exploitation of this vulnerability could allow an authenticated attacker to initiate file, service, and network enumeration on internal networks, bypassing firewall restrictions.
Reproduction
To reproduce this vulnerability, an authenticated user can send a request that includes a crafted job callback URL parameter. This parameter should specify an external domain or an internal resource that the application will access. The absence of validation on the URL parameter allows for the manipulation of the application's request behavior, enabling the enumeration of files or services from the targeted location.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.