high

AWS Workspace client RCE

Published Tue, Sep 21st, 2021

Platforms

Summary

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their web browser with attacker controlled content, the attacker can get zero click RCE under common circumstances.

Affected Services

Workspaces

Remediation

Update client to 3.1.9 or higher

Tracked CVEs

CVE-2021-38112

References

https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/https://nvd.nist.gov/vuln/detail/CVE-2021-38112

Contributed by https://github.com/0xdabbad00

Disclosure Date

Tue, Sep 21st, 2021

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

David Yesland, Rhino Security

More vulnerabilities...

medium

GCP IAP bypass

Convincing a victim to click a specially crafted link would allow the attacker to bypass the Identity-Aware Proxy (a core component of BeyondCorp).

Unknown

Fri, Sep 17th, 2021

medium

Azure privilege escalation via Log Analytics role

Azure AD users could escalate their privileges using the Log Analytics Contributor role to reach the full Subscription Contributor role.

Karl Fosaaen, NetSPI

Mon, Sep 13th, 2021

medium

Org policies bypass

Allows an attacker with privileges in the account to share resources outside of the account even when an org policy restricts this, thus enabling them to backdoor their access.

Kat Traxler

Fri, Sep 10th, 2021

View all