CVE-2021-38112

Description from NVD

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.

Information Acquisition Date:2021-09-30T16:40Z
CVSS 2.0: 9.3 HIGH CVSS 3.x: 8.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:M/Au:N/C:C/I:C/A:C

NVD References

 https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes
     source:MISC
     tags:Vendor Advisory    
 https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/
     source:MISC
     tags:Exploit    Third Party Advisory    

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Java(1 tweets) Linux(1 tweets) Windows(4 tweets)



List of frequently cited URLs

URLNum of Times Referred to
https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-worksp...276
http://twinybots.ch56
https://twitter.com/RhinoSecurity/status/14403440521430589624
https://cyberiqs.com/cve-2021-38112-aws-workspaces-remote-c...3

▼ Show Information from Twitter(306)


List of frequently cited URLs

URLNum of Times Referred to
rhinosecuritylabs.com276
twinybots.ch56
twitter.com4
cyberiqs.com3

▼ Show Information from Twitter(306)


GitHub Search Results: Up to 10
NameURL
No Data

GitHub Search Results: Up to 10
NameURL
No Data

2021/10/05 Score : 1
Added Har-sia Database : 2021/09/21
Last Modified : 2021/10/05
Highest Scored Date : 2021/09/24
Highest Score : 221