Remote Code Execution Vulnerability in VMware AirWatch Agent for Android and Windows Mobile
CVE-2018-6968
Summary
The VMware AirWatch Agent for Android versions prior to 8.2 and for Windows Mobile versions prior to 6.5.2 exhibit a vulnerability allowing unauthorized remote code execution. This issue stems from inadequately protected File Manager functionalities, enabling malicious users to create and execute files within the Agent’s sandbox environment as well as within publicly accessible directories, including those located on the device's SD card. Such capability could lead to serious security breaches if exploited by an attacker with administrative access.
Affected Version(s)
AirWatch Agent AirWatch Agent for Android prior to 8.2
AirWatch Agent AirWatch Agent for Windows Mobile prior to 6.5.2
References
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved