Vulnerability Details CVE-2021-38112
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.285
EPSS Ranking 96.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.3
References
- https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes
- https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/
- https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes
- https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/
Products affected by CVE-2021-38112
-
cpe:2.3:a:amazon:aws_workspaces:*