Cryptographic issues in Nextcloud iOS App - CVE-2011-0935
Published: April 14, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45127
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-0935
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Nextcloud
Affected software:
Nextcloud iOS App
Nextcloud iOS App
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685. CVSS score derived from: http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_2s.html
How to mitigate CVE-2011-0935
Install update from vendor's website.