CVE-2021-41181
low-risk
Published 2022-03-08
Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.3.0, the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker had physical access to the locked phone and the victim received a phone call, the attacker could gain access to the user's chat messages and files. Upgrading the Nextcloud Android Talk app to 12.3.0 is recommended. There are no known workarounds.
Do I need to act?
0.07% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 2.4/10
Low
PHYSICAL / LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-497c-c...
15 / 100
low-risk
Severity
10/34 · Low
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal