Main Vulnerability Database Vulnerabilities #VU35475

OS Command Injection in Nextcloud iOS App - CVE-2019-12650

Published: September 25, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35475

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-12650

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Nextcloud

Affected software:
Nextcloud iOS App

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

How to mitigate CVE-2019-12650

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection

OS Command Injection in Nextcloud iOS App - CVE-2019-12650

Detailed vulnerability description

How to mitigate CVE-2019-12650

Sources

Please verify you're human