CVE-2019-6447 : The ES File Explorer File Manager application through 4.1.9.7.4 for Android allo

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

Published 2019-01-16 14:29:00

Updated 2023-02-01 17:44:11

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-6447

Estrongs » Es File Explorer File Manager » For Android
Versions up to, including, (<=) 4.1.9.7.4
cpe:2.3:a:estrongs:es_file_explorer_file_manager:*:*:*:*:*:android:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-6447

EPSS FAQ

79.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2019-6447

ES File Explorer Open Port

Disclosure Date: 2019-01-16

First seen: 2020-04-26

auxiliary/scanner/http/es_file_explorer_open_port

This module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server is started on app launch, and is available as long as the app is open. Version 4.1.9.7.4 and below are reported vulnerable This module has been tested against 4.1.9.5.1.

More information

CVSS scores for CVE-2019-6447

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:N	6.5	4.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
8.1	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	2.8	5.2	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2019-6447

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-6447

https://twitter.com/fs0c131y/status/1085460755313508352

Elliot Alderson on Twitter: "With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager. The surprise is: if you opened the app at least once, anyone connect
Third Party Advisory
http://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-Arbitrary-File-Read.html

ES File Explorer 4.1.9.7.4 Arbitrary File Read ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

GitHub - fs0c131y/ESFileExplorerOpenPortVuln: ES File Explorer Open Port Vulnerability - CVE-2019-6447
Exploit;Third Party Advisory

Jump to