The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
Published 2019-01-16 14:29:00
Updated 2023-02-01 17:44:11
Source MITRE

Exploit prediction scoring system (EPSS) score for CVE-2019-6447

Probability of exploitation activity in the next 30 days: 51.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~97%

Metasploit modules for CVE-2019-6447

  • ES File Explorer Open Port
    Disclosure Date: 2019-01-16
    First seen: 2020-04-26
    auxiliary/scanner/http/es_file_explorer_open_port
    This module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server is started on app launch, and is available as long as the app is open. Version 4.1.9.7.4 and below are reported vulnerable. This module has been tested against 4.1.9.5.1.

CVSS scores for CVE-2019-6447

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
| 4.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:N | 6.5 | 4.9 | nvd@nist.gov |
| 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | nvd@nist.gov |

CWE ids for CVE-2019-6447

References for CVE-2019-6447

Products affected by CVE-2019-6447
