[SingCERT] Advisory on Vulnerability for Android ES File Explorer Application (CVE-2019-6447)

Published on 18 Jan 2019

Updated on 23 Oct 2019

Background

On 17 January, a security researcher found a vulnerability in an Android application known as “ES File Explorer File Manager” (CVE-2019-6447). The application is commonly used for managing files on devices running the Android operating system.

The application only needs to be run once for the vulnerability to be active. Once launched, the application starts a web server on port 59777 in the background, which allows an attacker on the same network to connect to the device and download the files stored on it.

Affected Products

• ES File Explorer File Manager version 4.1.9.7.4 and older
• ES File Explorer/Manager Pro version 1.1.4.1 and older
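Two checks a defender can script from this advisory, as an added example that is not SingCERT's or the vendor's code: a version comparison against the affected ceilings listed above, and a flag over firewall or flow log lines for connections to the port 59777 web server described in the Background section. The log line format and the sample lines are constructed assumptions, not a real product's output.

```python
import re
from typing import List, Tuple

# Affected ceilings from the advisory: these versions and anything older are vulnerable.
AFFECTED_MAX = {
    "free": (4, 1, 9, 7, 4),  # ES File Explorer File Manager 4.1.9.7.4 and older
    "pro": (1, 1, 4, 1),      # ES File Explorer/Manager Pro 1.1.4.1 and older
}
ES_PORT = 59777  # background web server port named in the advisory

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted version string such as '4.1.9.7.4' into a comparable int tuple."""
    return tuple(int(part) for part in v.strip().split("."))

def is_affected(edition: str, version: str) -> bool:
    """True if the installed version is at or below the advisory's affected ceiling."""
    ceiling = AFFECTED_MAX[edition]
    installed = parse_version(version)
    # Pad the shorter tuple with zeros so '4.1.9.7' compares as 4.1.9.7.0.
    width = max(len(ceiling), len(installed))
    installed += (0,) * (width - len(installed))
    ceiling += (0,) * (width - len(ceiling))
    return installed <= ceiling

# Constructed (hypothetical) log format: "<src> -> <dst>:<port> <proto>"
LOG_LINE = re.compile(r"^(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>TCP|UDP)$")

def flag_es_connections(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (src, dst) pairs for TCP connections to port 59777, i.e. LAN hosts reaching a device that exposes the ES File Explorer web server."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and m.group("proto") == "TCP" and int(m.group("port")) == ES_PORT:
            hits.append((m.group("src"), m.group("dst")))
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "192.168.1.20 -> 192.168.1.35:59777 TCP",
    "192.168.1.20 -> 192.168.1.1:53 UDP",
    "192.168.1.42 -> 192.168.1.35:59777 TCP",
    "10.0.0.5 -> 192.168.1.35:443 TCP",
]

if __name__ == "__main__":
    print("4.1.9.7.4 affected:", is_affected("free", "4.1.9.7.4"))  # True
    print("hosts reaching port 59777:", flag_es_connections(SAMPLE_LOG))
```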

Impact

Successful exploitation of this vulnerability could result in the disclosure of sensitive information, as an attacker can remotely launch applications and access all files on the device.

Recommendations

The vulnerability has been fixed and the updated version of the application will be released shortly. SingCERT recommends that users of the application take the following actions:

• Check the Google Play Store and update the application once the new version is released.
• In the meantime, avoid using the application while the device is connected to an unsecured network (e.g. public Wi-Fi).
• Consider using alternative File Manager applications. See reference [3] for possible alternatives.

References

[1] https://www.cvedetails.com/cve/CVE-2019-6447
[2] https://www.androidauthority.com/es-file-explorer-security-flaw-943675/
[3] https://www.androidauthority.com/file-manager-explorer-apps-android-279800