CVE-2021-37617 Information

Description

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4 the Client searches the Uninstall.exe file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious Uninstall.exe which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround do not allow untrusted users to create content in the C:\ system folder and verify that there is no malicious C:\Uninstall.exe file on the system.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Reference

https://github.com/nextcloud/desktop/pull/3497 https://hackerone.com/reports/1240749 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.3