CVE-2022-47757 – A path traversal vulnerability in imo.im allows... (How to Fix)

Q: What is the severity of CVE-2022-47757?

CVE-2022-47757 has a CVSS score of 9.8 (CRITICAL). A path traversal vulnerability in imo.im allows attackers to write malicious shared libraries to the application's data directory via unsanitized deeplinks. When the app loads these libraries, it can lead to arbitrary code execution. All users of the affected imo.im version are vulnerable.

📋 TL;DR

A path traversal vulnerability in imo.im allows attackers to write malicious shared libraries to the application's data directory via unsanitized deeplinks. When the app loads these libraries, it can lead to arbitrary code execution. All users of the affected imo.im version are vulnerable.

💻 Affected Systems

Products:

imo.im

Versions: 2022.11.1051

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires user interaction with malicious deeplinks. The app must have write permissions to its data directory.

📦 What is this software?

Imo by Imo

View all CVEs affecting Imo →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through arbitrary code execution, potentially allowing complete control of the device and access to all application data.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive user data, message history, and contacts within the imo.im application.

🟢

If Mitigated

Limited impact with proper file system permissions and application sandboxing, potentially preventing successful exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user to click a malicious deeplink. The vulnerability is well-documented in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions after 2022.11.1051

Vendor Advisory: https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-ghf9-x3c5-3mwj

Restart Required: Yes

Instructions:

1. Open Google Play Store 2. Search for imo.im 3. Update to latest version 4. Restart the application

🔧 Temporary Workarounds

Disable deeplink handling

android

Prevent imo.im from handling deeplinks by modifying app settings or using Android app settings.

Network filtering

all

Block malicious deeplink URLs at network perimeter or DNS level.

🧯 If You Can't Patch

Uninstall imo.im application from affected devices
Implement strict network filtering to block known malicious deeplink URLs

🔍 How to Verify

Check if Vulnerable:

Check imo.im version in app settings. If version is 2022.11.1051, the system is vulnerable.

Check Version:

Check in Android Settings > Apps > imo.im > App info

Verify Fix Applied:

Verify imo.im version is newer than 2022.11.1051 in app settings.

📡 Detection & Monitoring

Log Indicators:

Unusual file write operations in imo.im data directory
Suspicious deeplink URL processing

Network Indicators:

HTTP requests to unusual domains containing deeplink parameters
Suspicious URL patterns in network traffic

SIEM Query:

source="imo.im" AND (event="file_write" OR event="deeplink_processed")

📊 Metadata

CVE ID: CVE-2022-47757

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: May 4, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-ghf9-x3c5-3mwj Third Party Advisory
https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-ghf9-x3c5-3mwj Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-47757, you might also want to check these: