CVE-2021-38112

Description from NVD

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.

Information Acquisition Date:2021-09-30T16:40Z
CVSS 2.0: 9.3 HIGH CVSS 3.x: 8.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:M/Au:N/C:C/I:C/A:C

NVD References

 https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes
     source:MISC
     tags:Vendor Advisory    
 https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/
     source:MISC
     tags:Exploit    Third Party Advisory    

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URLNum of Times Referred to
http://twinybots.ch43
https://twitter.com/RhinoSecurity/status/14403440521430589624
https://cyberiqs.com/cve-2021-38112-aws-workspaces-remote-c...3
https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-worksp...3

Information from Twitter

User URL Info Source Date
VulmonFeeds http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-38112 Source VulmonFeeds      1467256436170366976 2021/12/05

List of frequently cited URLs

URLNum of Times Referred to
twinybots.ch43
twitter.com4
cyberiqs.com3
rhinosecuritylabs.com3

Information from Twitter

User URL Info Source
VulmonFeeds vulmon.com Show Tweet
GitHub Search Results: Up to 10
NameURL
No Data
GitHub Search Results: Up to 10
NameURL
No Data
2021/12/05 Score : 1
Added Har-sia Database : 2021/09/21
Last Modified : 2021/12/05
Highest Scored Date : 2021/09/24
Highest Score : 221