#VU61279 Authentication bypass using an alternate path or channel in Nextcloud Android Talk - CVE-2021-41181

 

Published: March 14, 2022


Vulnerability identifier: #VU61279
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-41181
CWE-ID: CWE-288
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Nextcloud Android Talk
Software vendor: Nextcloud

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected application does not properly detect the lock screen state when a call is incoming. An attacker with physical access to the locked phone can gain access to the user's chat messages and files.


Remediation

Install updates from the vendor's website.

External links