VMSA-2023-0027

VMware Security Advisory

Moderate

Advisory ID: VMSA-2023-0027
CVSSv3 Range: 6.3
Issue Date: 2023-12-12
Updated On: 2023-12-12 (Initial Advisory)
CVE(s): CVE-2023-34064
Synopsis: VMware Workspace ONE Launcher updates address a privilege escalation vulnerability (CVE-2023-34064).

1. Impacted Products

VMware Workspace ONE Launcher

2. Introduction

A privilege escalation vulnerability in VMware Workspace ONE Launcher was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. Privilege Escalation Vulnerability

Description

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3.

Known Attack Vectors

A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.

Resolution

To remediate CVE-2023-34064, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Bartek Pszczola of Defendable for reporting this issue to us.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Workspace ONE Launcher | 23.x | Android | CVE-2023-34064 | 6.3 | moderate | 23.11 | N/A | None |
| VMware Workspace ONE Launcher | 22.x | Android | CVE-2023-34064 | 6.3 | moderate | 23.11 | N/A | None |
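The following is an added example, not VMware code: a triage of a device inventory against the Response Matrix above. It compares versions numerically, because a plain string comparison would rank 23.9 above 23.11 and report an affected device as fixed. The CSV column names (device_id, launcher_version) and the sample rows are constructed, and treating releases later than 23.11 as carrying the fix is an assumption.

```python
import csv
import io
import re

FIXED = (23, 11)            # 'Fixed Version' column of the Response Matrix
AFFECTED_MAJORS = {22, 23}  # the 22.x and 23.x rows of the Response Matrix


def parse_version(text):
    """Turn '23.9.0' into (23, 9, 0); return None if not dotted-numeric."""
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))


def classify(version_text):
    """Return 'fixed', 'vulnerable', 'not-listed' or 'unparsed'."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"      # needs a manual look, never assume it is safe
    if version >= FIXED:       # assumption: later releases keep the fix
        return "fixed"
    if version[0] in AFFECTED_MAJORS:
        return "vulnerable"
    return "not-listed"        # older than 22.x: the advisory is silent


def triage(inventory_csv):
    """Map each device id in a CSV inventory export to its status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device_id"]: classify(row["launcher_version"]) for row in reader}


# Constructed sample inventory (hypothetical column names and devices).
SAMPLE = """device_id,launcher_version
kiosk-01,23.9.0
kiosk-02,23.11
kiosk-03,22.12.1
kiosk-04,24.2.0
kiosk-05,21.10
kiosk-06,unknown
"""

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(f"{device}: {status}")
```
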

4. References

Fixed Version(s) and Release Notes:
VMware Workspace ONE Launcher 23.11 Release Notes
Downloads and Documentation
https://my.workspaceone.com/products/Workspace-ONE-Launcher/Android/v23.11/awall
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/vmware-workspace-one-launcher-for-android-release-notes/index.html
 
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34064
 
FIRST CVSSv3 Calculator:
CVE-2023-34064: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2023-12-12 VMSA-2023-0027
Initial security advisory.

6. Contact

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories: https://www.vmware.com/security/advisories
VMware Security Response Policy: https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases: https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog: https://blogs.vmware.com/security
Twitter: https://twitter.com/VMwareSRC
Copyright 2023 VMware Inc. All rights reserved.