Описание
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00416
Низкий
4.6 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 4.6
github
больше 3 лет назад
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.
EPSS
Процентиль: 61%
0.00416
Низкий
4.6 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-22