Directory Traversal Vulnerability in Foxit MobilePDF for iOS
CVE-2017-16814

5.5MEDIUM

Key Information:

Vendor: Foxit
Status: MobilePDF
Vendor: CVE Published:; 26 February 2018

What is CVE-2017-16814?

A Directory Traversal vulnerability was identified in Foxit MobilePDF application for iOS, where attackers can exploit the use of URL and escape characters during Wi-Fi transfers. This flaw allows bypassing restrictions on local application files, presenting a security risk as it enables unauthorized access to sensitive data. Users are advised to update to the latest version to mitigate this risk.

References

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2018
Vulnerability Reserved
Nov 13, 2017