CVE-2014-7954
Android 4.4 MTP Path Traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.
Vulnerabilidad de directorio transversal en el método doSendObjectInfo en el archivo framework/av/media/mtp/MtpServer.cpp en Android 4.4.4 permite a atacantes físicamente próximos con una conexión directa al dispositivo Android objetivo subir archivos fuera de la tarjeta SD mediante un .. (punto punto) en un parámetro de una solicitud MTP.
The doSendObjectInfo() method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp on Android 4.4 does not validate the name parameter of the incoming MTP packet, leading to a path traversal vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-07 CVE Reserved
- 2015-04-19 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/131509/Android-4.4-MTP-Path-Traversal.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2015/Apr/50 | Mailing List |
|
| http://www.securityfocus.com/archive/1/535294/100/1100/threaded | Mailing List | |
| http://www.securityfocus.com/bid/74210 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|