Multiple vulnerabilities in Nextcloud Desktop Client

Published: 2021-08-19

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2021-37617 CVE-2021-32728
CWE-ID	CWE-426 CWE-295
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	desktop Other software / Other software solutions
Vendor	Nextcloud

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Untrusted search path

EUVDB-ID: #VU55976

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-37617

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to uncontrolled search path. A remote attacker can create a malicious "Uninstall.exe" and execute it with administrative privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

desktop: 3.0.3 - 3.2.4

CPE2.3

External links

https://github.com/nextcloud/desktop/pull/3497
https://hackerone.com/reports/1240749
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Certificate Validation

EUVDB-ID: #VU55977

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-32728

CWE-ID: CWE-295 - Improper Certificate Validation