CVE-2014-1970

Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN70029459/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033
http://jvn.jp/en/jp/JVN70029459/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:estrongs:es_file_explorer::::::android::*
	cpe:2.3:a:estrongs:es_file_explorer:1.6.0.2:::::android::
	cpe:2.3:a:estrongs:es_file_explorer:1.6.1.1:::::android::

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:05

Type	Values Removed	Values Added
References	~~() http://jvn.jp/en/jp/JVN70029459/index.html -~~	() http://jvn.jp/en/jp/JVN70029459/index.html -
References	~~() http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033 -~~	() http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033 -

Information

Published : 2014-03-20 15:55

Updated : 2024-11-21 02:05

NVD link : CVE-2014-1970

Mitre link : CVE-2014-1970

CVE.ORG link : CVE-2014-1970

JSON object : View

Products Affected

google

android

estrongs

es_file_explorer

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2014-1970", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-20T15:55:05.493", "references": [{"url": "http://jvn.jp/en/jp/JVN70029459/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvn.jp/en/jp/JVN70029459/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la aplicaci\u00f3n ES File Explorer File Manager anterior a 3.0.4 para Android permite atacantes remotos sobreescribir o crear archivos arbitrarios a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T02:05:22.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:estrongs:es_file_explorer:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "A93B248F-FF78-4F4A-9804-CE7FBB66922A", "versionEndIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:estrongs:es_file_explorer:1.6.0.2:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "E485A4B7-1554-4294-BDCB-C9BE67EA7781"}, {"criteria": "cpe:2.3:a:estrongs:es_file_explorer:1.6.1.1:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "CBCE8965-B3CC-4016-BC22-14481F3263E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}