high

AWS Workspace client RCE

Published Tue, Sep 21st, 2021
Platforms

Summary

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their web browser with attacker controlled content, the attacker can get zero click RCE under common circumstances.

Affected Services

Workspaces

Remediation

Update client to 3.1.9 or higher

Tracked CVEs

CVE-2021-38112

References

Disclosure Date
Tue, Sep 21st, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
David Yesland, Rhino Security