Multiple vulnerabilities in Nextcloud Desktop Client
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-37617 CVE-2021-32728 |
| CWE-ID | CWE-426 CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
desktop Other software / Other software solutions |
| Vendor | Nextcloud |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Untrusted search path
EUVDB-ID: #VU55976
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-37617
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists due to uncontrolled search path. A remote attacker can create a malicious "Uninstall.exe" and execute it with administrative privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsdesktop: 3.0.3 - 3.2.4
External linkshttp://github.com/nextcloud/desktop/pull/3497
http://hackerone.com/reports/1240749
http://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Certificate Validation
EUVDB-ID: #VU55977
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32728
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the client fails to check if a private key belongs to previously downloaded public certificate. A remote attacker can encrypt the data on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsdesktop: 0.0.2 - 3.2.4
External linkshttp://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5
http://github.com/nextcloud/desktop/pull/3338
http://hackerone.com/reports/1189162
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
