CVE Vulnerability

CVE-2021-37617

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:` system folder and verify that there is no malicious `C:Uninstall.exe` file on the system.

4.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/nextcloud/desktop/pull/3497 Patch Third Party Advisory
https://hackerone.com/reports/1240749 Permissions Required Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*
Information

Published : 2021-08-18 06:15

Updated : 2022-10-25 04:18

NVD link : CVE-2021-37617

Mitre link : CVE-2021-37617

Products Affected
No products.
CWE
CWE-427