CVE-2019-6447

Опубликовано: 16 янв. 2019

Источник: nvd

CVSS3: 8.1

CVSS2: 4.8

EPSS Высокий

Описание

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

Ссылки

http://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-Arbitrary-File-Read.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
Exploit
Third Party Advisory
https://twitter.com/fs0c131y/status/1085460755313508352
Third Party Advisory
http://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-Arbitrary-File-Read.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
Exploit
Third Party Advisory
https://twitter.com/fs0c131y/status/1085460755313508352
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:estrongs:es_file_explorer_file_manager:*:*:*:*:*:android:*:*

Версия до 4.1.9.7.4 (включая)

EPSS

Процентиль: 99%

0.77751

Высокий

8.1 High

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-2pqf-jwpx-hmhw