CVE-2019-7218

EUVD-2019-16762
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
citrixsharefile
𝑥
≤ 19.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.sk-it.com/en/cve.html
http://www.sk-it.com/en/cve.html