CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Metric | Value |
---|---|
Percentile | 12.6% |

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud
Server with a computer. The Nextcloud Desktop Client invokes its
uninstaller script when being installed to make sure there are no remnants
of previous installations. In versions 3.0.3 through 3.2.4, the Client
searches for the `Uninstall.exe` file in a folder that can be written by
regular users. This could lead to a case where a malicious user creates a
malicious `Uninstall.exe`, which would be executed with administrative
privileges when the Nextcloud Desktop Client is installed. This issue is
fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not
allow untrusted users to create content in the `C:\` system folder and
verify that there is no malicious `C:\Uninstall.exe` file on the system.

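
The two workaround conditions above (no untrusted write access to `C:\`, no unexpected `C:\Uninstall.exe`) can be checked with a read-only audit. This PowerShell is an added example, not part of the advisory or of Nextcloud's code; the function name `Get-UntrustedFileCreators` and the list of SIDs treated as trusted are assumptions of the example.

```powershell
# Added example: read-only audit for the CVE-2021-37617 workaround conditions.
# Run from an elevated prompt so every ACL and file is readable.
$root      = 'C:\'
$candidate = Join-Path $root 'Uninstall.exe'

# Well-known SIDs treated as trusted writers (assumption of this example).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-UntrustedFileCreators {
    param([string]$Path)
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the folder itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $createFiles) -eq 0) { continue }
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }   # unresolvable account: keep the raw value
        if ($trustedSids -notcontains $sid) {
            [pscustomobject]@{ Identity = $ace.IdentityReference.Value; Sid = $sid; Rights = $ace.FileSystemRights }
        }
    }
}

$writers = @(Get-UntrustedFileCreators -Path $root)
if ($writers.Count -gt 0) {
    Write-Warning "Identities outside the trusted list can create files directly in $root"
    $writers | Format-Table -AutoSize
}

if (Test-Path -LiteralPath $candidate -PathType Leaf) {
    $item = Get-Item -LiteralPath $candidate -Force
    [pscustomobject]@{
        Path      = $item.FullName
        Owner     = (Get-Acl -LiteralPath $candidate).Owner
        Created   = $item.CreationTimeUtc
        SHA256    = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $candidate).Status
    } | Format-List
    Write-Warning "$candidate exists; review it before installing a Nextcloud Desktop Client earlier than 3.3.0."
} else {
    "No $candidate found."
}
```

The owner, creation time and signature status give a quick indication of whether a file found at that path was placed by an administrator or by a regular user account.
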
Author | Note |
---|---|
seth-arnold | Windows-specific |
github.com/nextcloud/desktop/pull/3497
github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
hackerone.com/reports/1240749
launchpad.net/bugs/cve/CVE-2021-37617
nvd.nist.gov/vuln/detail/CVE-2021-37617
security-tracker.debian.org/tracker/CVE-2021-37617
www.cve.org/CVERecord?id=CVE-2021-37617