Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2021-38112

Published: 22/09/2021 Updated: 30/09/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Amazon

Vulnerability Summary

In the Amazon AWS WorkSpaces client 3.0.10 up to and including 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

amazon aws workspaces

Github Repositories

https://github.com/Jaikumar3/Cloud-Security-Attacks

Cloud Security - Attacks AWS Privilege Escalation to SYSTEM in AWS VPN Client rhinosecuritylabscom/aws/cve-2022-25165-aws-vpn-client/ AWS WorkSpaces Remote Code Execution rhinosecuritylabscom/aws/cve-2021-38112-aws-workspaces-rce/ Resource Injection in CloudFormation Templates rhinosecuritylabscom/aws/cloud-malware-cloudformation-injection/ Down

https://github.com/Mehedi-Babu/security_attacks_cloud

Cloud Security - Attacks AWS Privilege Escalation to SYSTEM in AWS VPN Client rhinosecuritylabscom/aws/cve-2022-25165-aws-vpn-client/ AWS WorkSpaces Remote Code Execution rhinosecuritylabscom/aws/cve-2021-38112-aws-workspaces-rce/ Resource Injection in CloudFormation Templates rhinosecuritylabscom/aws/cloud-malware-cloudformation-injection/ Down

https://github.com/CyberSecurityUP/Cloud-Security-Attacks

Azure and AWS Attacks

Cloud Security - Attacks AWS Privilege Escalation to SYSTEM in AWS VPN Client rhinosecuritylabscom/aws/cve-2022-25165-aws-vpn-client/ AWS WorkSpaces Remote Code Execution rhinosecuritylabscom/aws/cve-2021-38112-aws-workspaces-rce/ Resource Injection in CloudFormation Templates rhinosecuritylabscom/aws/cloud-malware-cloudformation-injection/ Down

References

CWE-88https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-noteshttps://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/https://nvd.nist.govhttps://github.com/Jaikumar3/Cloud-Security-Attackshttps://github.com/CyberSecurityUP/Cloud-Security-Attacks
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook