high

Issue with Amazon WorkSpaces and AppStream 2.0 Clients

Published Wed, Jan 15th, 2025

Platforms

aws

Summary

AWS identified two vulnerabilities in specific versions of native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV. These issues could allow man-in-the-middle attacks, potentially giving attackers access to remote sessions. Affected versions include WorkSpaces clients 5.20.0 or earlier, AppStream 2.0 Windows client 1.1.1326 or earlier, and various DCV clients. AWS recommends upgrading to patched versions to address these security concerns.

Affected Services

Amazon WorkSpaces, Amazon AppStream 2.0, Amazon DCV

Remediation

Upgrade to the following versions or later:
- WorkSpaces: Windows/macOS 5.21.0+, Linux 2024.2+
- AppStream 2.0: Windows 1.1.1332+
- DCV: Windows 2023.1.9127+, macOS/Linux 2023.1.6703+

For CVE-2025-0501 (PCoIP): Upgrade WorkSpaces clients to 5.22.1+ or Android 5.0.1+

Tracked CVEs

CVE-2025-0500, CVE-2025-0501

References

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

-

Exploitability Period

Until 2025/01/15

Known ITW Exploitation

-

Detection Methods

Check client versions of Amazon WorkSpaces, AppStream 2.0, and DCV. If using versions listed as affected, upgrade immediately to mitigate potential man-in-the-middle attacks.

Piercing Index Rating

-

Discovered by

AWS