Vulnerability-Lookup

CNVD-2017-33975

Vulnerability from cnvd - Published: 2017-11-15

Title

VMware AirWatch Launcher for Android UI权限提升漏洞

Description

VMware AirWatch是美国威睿（VMware）公司的一套企业移动化管理解决方案。VMware AirWatch Launcher for Android是其中的一个基于Android平台的启动器。基于Android平台的VMware AirWatch Launcher 3.2.2之前的版本中存在提权漏洞。远程攻击者可利用该漏洞在受影响的系统上获取提升的权限。

Severity

高

Patch Name

VMware AirWatch Launcher for Android UI权限提升漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.vmware.com/security/advisories/VMSA-2017-0016.html

Reference

https://www.vmware.com/security/advisories/VMSA-2017-0016.html

Impacted products

Name
VMware AirWatch Launcher <3.2.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-4932"
    }
  },
  "description": "VMware AirWatch\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u79fb\u52a8\u5316\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002VMware AirWatch Launcher for Android\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u542f\u52a8\u5668\u3002\r\n\r\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684VMware AirWatch Launcher 3.2.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "VMware",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2017-0016.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33975",
  "openTime": "2017-11-15",
  "patchDescription": "VMware AirWatch\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u79fb\u52a8\u5316\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002VMware AirWatch Launcher for Android\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u542f\u52a8\u5668\u3002\r\n\r\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684VMware AirWatch Launcher 3.2.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware AirWatch Launcher for Android UI\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "VMware AirWatch Launcher \u003c3.2.2"
  },
  "referenceLink": "https://www.vmware.com/security/advisories/VMSA-2017-0016.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-10",
  "title": "VMware AirWatch Launcher for Android UI\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-4932 (GCVE-0-2017-4932)

Vulnerability from cvelistv5 – Published: 2017-11-16 21:00 – Updated: 2024-09-16 20:47

Summary

VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege.

Severity ?

No CVSS data available.

CWE

Privilege escalation

Assigner

vmware

References

3 references

URL	Tags
http://www.securitytracker.com/id/1039750	vdb-entryx_refsource_SECTRACK
https://www.vmware.com/us/security/advisories/VMS…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/101771	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
VMware	VMware AirWatch Launcher for Android (AWL)	Affected: before 3.2.2

Date Public ?

2017-11-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:43.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039750",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039750"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html"
          },
          {
            "name": "101771",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101771"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware AirWatch Launcher for Android (AWL)",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "before 3.2.2"
            }
          ]
        }
      ],
      "datePublic": "2017-11-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T10:57:01.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "name": "1039750",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039750"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html"
        },
        {
          "name": "101771",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101771"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "DATE_PUBLIC": "2017-11-08T00:00:00",
          "ID": "CVE-2017-4932",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware AirWatch Launcher for Android (AWL)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 3.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039750",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039750"
            },
            {
              "name": "https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html"
            },
            {
              "name": "101771",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101771"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2017-4932",
    "datePublished": "2017-11-16T21:00:00.000Z",
    "dateReserved": "2016-12-26T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:47:52.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-33975

CVE-2017-4932 (GCVE-0-2017-4932)

Tags

Sightings

Nomenclature