CVE-2018-6968
Summary
| CVE | CVE-2018-6968 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-11 22:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vmware | Airwatch Agent | All | All | All | All |
| Application | Vmware | Airwatch Agent | All | All | All | All |
| Application | Vmware | Airwatch Agent | All | All | All | All |
| Application | Vmware | Airwatch Agent | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VMSA-2018-0015.1 | CONFIRM | www.vmware.com | Vendor Advisory |
| VMware AirWatch Agent File Manager Function Lets Remote Authenticated Users Execute Arbitrary Code on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| VMware AirWatch Agent CVE-2018-6968 Remote Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.