Remotely alerts

<< Back

CVE ID: CVE-2022-31009

Last updated: June 29, 2022, 10:07 p.m.

Severity: MEDIUM

Description

wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The root cause was an unnecessary assert statement when converting an integer value into the corresponding enum value, causing an exception instead of a fallback to a default value. This issue is fixed in [wire-ios](https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb) and in Wire for iOS 3.100. There is no workaround available, but users may use other Wire clients (such as the [web app](https://app.wire.com)) to continue using Wire, or upgrade their client.

Severity score: 2.9 Base score: 4.0 Exploitability score: 8.0 Confidentiality impact: NONE Integrity impact: NONE User interaction required: False Published: June 23, 2022, 7:15 a.m. Data type: CVE Data format: MITRE Assigner: security-advisories@github.com Problem type: CWE-617 Reference url: https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb Reference name: https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb Reference source: MISC CVE version: 2.0 Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P Access vector: NETWORK Access complexity: LOW Authentication: SINGLE Base severity: AcInsf info: False Obtain all priviledges: False User privilege: False Other privilege: False

Remotely is a azure cloud native remote monitoring and management (RMM) software that helps users, admins, and businesses contend with the IT challenges of remote worker productivity. Remotely RMM helps organizations identify and manage security thread vulnerabilities across their organizations and networks.

The purpose of Remotely Alerts is to present CVE records in a legible way. CVE are meant to help identify, define, catalogue, and present cybersecurity vulnerability information to the public.

Are you a Microsoft MVP? Did you know that all Microsoft MVPs receive Remotely RMM for free, for life? Learn more and sign up to join the Remotely community and receive early access to Remotely RMM.