Published: 11/06/2018 Updated: 03/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The VMware AirWatch Agent for Android before 8.2 and AirWatch Agent for Windows Mobile before 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware airwatch agent

VMware’s remote management agent allows remote execution

The Register • Simon Sharwood • 12 Jun 2018

AirWatch Cloud Messaging to lose remote file-wrangling functions

VMware’s warned that the agent used by its AirWatch mobile device management product has a vulnerability that could allow remote control of mobile devices running Android or Windows Mobile, so will deprecate the features that allowed the attack. The critical-rated CVE-2018-6968 details a vulnerability that “may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.” The...

CVE-2018-6968

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect