#VU44118 Input validation error in Nextcloud iOS App - CVE-2011-4016

Cybersecurity Help s.r.o.

Published: 2012-05-02 | Updated: 2020-08-11

Vulnerability identifier: #VU44118

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-4016

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nextcloud iOS App
Other software / Other software solutions

Vendor: Nextcloud

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Nextcloud iOS App: 12.2 - 15.2

External links
https://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html
https://www.securitytracker.com/id?1027005

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Nextcloud ios