CVE-2020-37086

Easy Transfer 1.7 for iOS - Directory Traversal

CVSS 6.9 MEDIUMEPSS 0.5%CWE-22

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Rubikon Teknoloji · Easy Transfer

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078 https://www.exploit-db.com/exploits/48395 https://www.vulncheck.com/advisories/easy-transfer-for-ios-directory-traversal https://www.vulnerability-lab.com/get_content.php?id=2223