Vulnerability Details CVE-2019-7218
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.3%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
Products affected by CVE-2019-7218
-
cpe:2.3:a:citrix:sharefile:18.13
-
cpe:2.3:a:citrix:sharefile:18.33
-
cpe:2.3:a:citrix:sharefile:18.35
-
cpe:2.3:a:citrix:sharefile:18.36
-
cpe:2.3:a:citrix:sharefile:18.37
-
cpe:2.3:a:citrix:sharefile:18.40
-
cpe:2.3:a:citrix:sharefile:18.41
-
cpe:2.3:a:citrix:sharefile:18.43
-
cpe:2.3:a:citrix:sharefile:18.46
-
cpe:2.3:a:citrix:sharefile:18.50
-
cpe:2.3:a:citrix:sharefile:19.1