CVE-2014-1970

Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN70029459/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:estrongs:es_file_explorer::::::android::*
	cpe:2.3:a:estrongs:es_file_explorer:1.6.0.2:::::android::
	cpe:2.3:a:estrongs:es_file_explorer:1.6.1.1:::::android::

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-03-20 15:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-1970

Mitre link : CVE-2014-1970

CVE.ORG link : CVE-2014-1970

JSON object : View

Products Affected

estrongs

es_file_explorer

google

android

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2014-1970", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-20T15:55:05.493", "references": [{"url": "http://jvn.jp/en/jp/JVN70029459/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la aplicaci\u00f3n ES File Explorer File Manager anterior a 3.0.4 para Android permite atacantes remotos sobreescribir o crear archivos arbitrarios a trav\u00e9s de vectores no especificados."}], "lastModified": "2014-03-20T17:12:59.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:estrongs:es_file_explorer:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "A93B248F-FF78-4F4A-9804-CE7FBB66922A", "versionEndIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:estrongs:es_file_explorer:1.6.0.2:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "E485A4B7-1554-4294-BDCB-C9BE67EA7781"}, {"criteria": "cpe:2.3:a:estrongs:es_file_explorer:1.6.1.1:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "CBCE8965-B3CC-4016-BC22-14481F3263E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}