Improper Authentication in Files iOS - CVE-2023-49790
Published: December 19, 2023
Vulnerability identifier: #VU84546
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-49790
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Files iOS
Files iOS
Software vendor:
Nextcloud
Nextcloud
Description
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests within the App PIN code. An attacker with physical access can use the application without providing the 4 digit PIN code.
Remediation
Install updates from vendor's website.