Moderate
VMSA-2023-0027
6.3
2023-12-12
2023-12-12 (Initial Advisory)
CVE-2023-34064
VMware Workspace ONE Launcher updates addresses privilege escalation vulnerability. (CVE-2023-34064)
1. Impacted Products
VMware Workspace ONE Launcher
2. Introduction
A privilege escalation vulnerability in VMware Workspace ONE Launch was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
3. Privilege Escalation Vulnerability
Description
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3.
Known Attack Vectors
A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
Resolution
To remediate CVE-2023-34064 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Bartek Pszczola of Defendable for reporting this issue to us.
Response Matrix
4. References
Fixed Version(s) and Release Notes:
VMware Workspace ONE Launcher 23.11 Release Notes
Downloads and Documentation
https://my.workspaceone.com/products/Workspace-ONE-Launcher/Android/v23.11/awall
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34064
FIRST CVSSv3 Calculator:
CVE-2023-34064: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Change Log
2023-12-12 VMSA-2023-0027
Initial security advisory.
6. Contact
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2023 VMware Inc. All rights reserved.
Read full article (vmware.com)
All content and images belong to their respected owners, this article is curated for informational purposes only.