// For flags

CVE-2023-22473

Passcode bypass on Talk-Android app

Severity Score

2.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.

Talk-Android permite a los usuarios tener video y videollamadas de audio a través de Nextcloud en Android. Debido a la omisión del código de acceso, un atacante puede acceder a los archivos de Nextcloud del usuario y ver las conversaciones. Para aprovechar esto, el atacante necesita tener acceso físico al dispositivo del objetivo. Actualmente no hay soluciones conocidas disponibles. Se recomienda actualizar la aplicación de Android Nextcloud Talk a 15.0.2.

*Credits: N/A
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-12-29 CVE Reserved
  • 2023-01-09 CVE Published
  • 2024-08-01 EPSS Updated
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nextcloud
Search vendor "Nextcloud"
Talk
Search vendor "Nextcloud" for product "Talk"
< 15.0.2
Search vendor "Nextcloud" for product "Talk" and version " < 15.0.2"
android
Affected