CVE-2018-6968

10CRITICAL

Key Information:

Vendor: Vmware
Status: Airwatch Agent
Vendor: CVE Published:; 11 June 2018

Summary

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.

Affected Version(s)

AirWatch Agent AirWatch Agent for Android prior to 8.2

AirWatch Agent AirWatch Agent for Windows Mobile prior to 6.5.2

References

http://www.vmware.com/security/advisories/VMSA-2018-0015....

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104441

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1041060

vdb-entryx_refsource_SECTRACK

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

10

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 11, 2018
Vulnerability Reserved
Feb 14, 2018

.