Municorn FAX App Path Traversal Vulnerability in Android

Vulnerability

A path traversal vulnerability has been identified in Municorn FAX App version 3.27.0 for Android. This issue arises from inadequate security measures during the file import process, allowing unauthorized manipulation of file names and contents. Exploitation of this vulnerability enables the writing of arbitrary files into the app's internal storage, potentially disrupting normal operations and leading to a denial-of-service condition. The vulnerability affects the component 'biz.faxapp.app' and requires local exploitation.

Impact

Exploitation of this vulnerability allows for unauthorized file writes into the app's internal storage, bypassing sandbox restrictions. This could disrupt the app's functionality, cause it to exhaust available storage or memory resources, and lead to a denial-of-service condition. Additionally, such file writes could be used to manipulate or corrupt data within the app, compromising data integrity.

Reproduction

The vulnerability can be reproduced by sending an intent to the 'biz.faxapp.app.ui.main.MainActivity' component. This intent should include a URI that exploits the path traversal flaw by navigating up the directory structure to write a file into the app's internal storage. Once the intent is received, the specified file is created without any user consent, demonstrating the unauthorized access.
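
The import step described above, handled defensively, as an added example (not the app's own code, which this page does not show). The class name SafeImport, the 20 MiB size cap, the sample file name and the temporary directory standing in for app-private storage are assumptions.

```java
import java.io.*;
import java.nio.file.Files;

public class SafeImport {
    // Assumed cap on one imported file; the page does not state a limit.
    static final long MAX_BYTES = 20L * 1024 * 1024;

    // Map an untrusted display name to a file that is a direct child of importDir.
    static File resolveTarget(File importDir, String untrustedName) throws IOException {
        if (untrustedName == null) throw new IOException("missing file name");
        // Keep only the last path segment, whichever separator the sender used.
        String name = untrustedName.substring(
                Math.max(untrustedName.lastIndexOf('/'), untrustedName.lastIndexOf('\\')) + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..") || name.indexOf('\0') >= 0) {
            throw new IOException("rejected file name");
        }
        File base = importDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        // The canonical parent must be the import directory itself (also catches symlinks).
        if (!base.equals(target.getParentFile())) {
            throw new IOException("path escapes import directory");
        }
        return target;
    }

    // Copy at most MAX_BYTES; on any failure remove the partial file and rethrow.
    static void copyBounded(InputStream in, File target) throws IOException {
        byte[] buf = new byte[8192];
        long total = 0;
        try (OutputStream out = Files.newOutputStream(target.toPath())) {
            int n;
            while ((n = in.read(buf)) != -1) {
                total += n;
                if (total > MAX_BYTES) throw new IOException("import exceeds size limit");
                out.write(buf, 0, n);
            }
        } catch (IOException e) {
            Files.deleteIfExists(target.toPath()); // stream is already closed here
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        File dir = Files.createTempDirectory("imports").toFile(); // stand-in for an app-private dir
        File t = resolveTarget(dir, "../../shared_prefs/settings.xml"); // constructed traversal name
        copyBounded(new ByteArrayInputStream(new byte[] {1, 2, 3}), t);
        System.out.println(t.getParentFile().equals(dir.getCanonicalFile()) + " " + t.getName());
    }
}
```

The name supplied with the incoming URI is reduced to its final segment and the canonical destination is compared against the import directory before any bytes are written, so a sender-chosen name cannot select a location elsewhere in internal storage.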

Added: Dec 15, 2025, 3:17 AM
Updated: Dec 15, 2025, 3:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.8
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.