Remote Code Execution Flaw Detected in AWS WorkSpaces

138
Remote Code Execution Flaw Detected in AWS WorkSpaces

Researchers from Rhino Security Labs discovered a flaw in the AWS WorkSpaces desktop client that might allow an attacker to remotely execute arbitrary code.

The security flaw, tracked as CVE-2021-38112, could be exploited if a user visits a malicious WorkSpaces URI from their browser, allowing a remote attacker to execute arbitrary code on the vulnerable system.

The WorkSpaces application did not correctly sanitize parameters supplied to the command line for authentication to the Amazon service, which might enable for the execution of arbitrary commands, according to researchers at Rhino Security.

To Read More: securityweek

For more such updates follow us on Google News ITsecuritywire News