Mobile Security Framework
CVE-2024-43399
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7.
AnalysisAI
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-23. Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7. Affected products include: Opensecurity Mobile Security Framework. Version information: Before 4.0.7.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Mobile Security Framework
View allMobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
MobSF versions prior to 4.4.5 are vulnerable to stored XSS through unsanitized rendering of Android manifest attributes
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), t
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability
MobSF is a mobile application security testing tool used. Rated medium severity (CVSS 6.8), this vulnerability is remote
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
MobSF is a mobile application security testing tool used. Rated low severity (CVSS 1.3), this vulnerability is remotely
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today