Hand-Picked Top-Read Stories

Citrix Workspace App for Windows – Shortcut or Hotkey redirection

47 views

Microsoft Teams 2.1 supported for VDI/DaaS

53 views

How to keep your visual efrects settings in HDX/ICA session

42 views

Trending Tags

VMware Virtualisation

368 views

2 minute read

VMSA-2023-0006

1 March 2023

Moderate

Advisory ID:
VMSA-2023-0006

CVSSv3 Range:
6.3

Issue Date:
2023-02-28

Updated On:
2023-02-28 (Initial Advisory)

CVE(s):
CVE-2023-20857

Synopsis:
VMware Workspace ONE Content update addresses a passcode bypass vulnerability (CVE-2023-20857)

1. Impacted Products

VMware Workspace ONE Content

2. Introduction

A passcode bypass vulnerability affecting VMware Workspace ONE Content was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.

3. Passcode bypass vulnerability (CVE-2023-20857)

Description

VMware Workspace ONE Content contains a passcode bypass vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3.

Known Attack Vectors

A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode.

Resolution

To remediate CVE-2023-20857 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
Workspace ONE Content	Any	Android	CVE-2023-20857	6.3	moderate	23.02	None	None
Workspace ONE Content	Any	iOS	CVE-2023-20857	N/A	N/A	Unaffected	N/A	N/A

4. References

VMware Workspace ONE Content for Android Release Notes:
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/vmware-workspace-one-content-for-android-release-notes/index.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20857

FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

5. Change Log

2023-02-28: VMSA-2023-0006
Initial security advisory.

6. Contact

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2023 VMware Inc. All rights reserved.

Read full article (vmware.com)

All content and images belong to their respected owners, this article is curated for informational purposes only.

Leave a Reply Cancel reply

You must be logged in to post a comment.

Previous Post

Microsoft Security Header

Microsoft Security

First steps in CHERIoT Security Research

1 March 2023

Next Post

Citrix

Account URL not found error or Unknown Subdomain

1 March 2023