high

AWS Workspace client RCE

Published Tue, Sep 21st, 2021

Platforms

Summary

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their web browser with attacker controlled content, the attacker can get zero click RCE under common circumstances.

Affected Services

Workspaces

Remediation

Update client to 3.1.9 or higher

Tracked CVEs

CVE-2021-38112

References

https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/https://nvd.nist.gov/vuln/detail/CVE-2021-38112

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Tue, Sep 21st, 2021

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

David Yesland, Rhino Security

More vulnerabilities...

high

AWS Workspace client RCE

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their web browser with attacker controlled content, the attacker can get zero click RCE under common circumstances.

David Yesland, Rhino Security

Tue, Sep 21st, 2021

high

AWS Workspace client RCE

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their web browser with attacker controlled content, the attacker can get zero click RCE under common circumstances.

David Yesland, Rhino Security

Tue, Sep 21st, 2021

high

AWS Workspace client RCE

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their web browser with attacker controlled content, the attacker can get zero click RCE under common circumstances.

David Yesland, Rhino Security

Tue, Sep 21st, 2021

View all