Moderate

VMSA-2023-0027
6.3
2023-12-12
2023-12-12 (Initial Advisory)
CVE-2023-34064
VMware Workspace ONE Launcher updates addresses privilege escalation vulnerability. (CVE-2023-34064)
1. Impacted Products
  • VMware Workspace ONE Launcher

2. Introduction

A privilege escalation vulnerability in VMware Workspace ONE Launch was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. Privilege Escalation Vulnerability

Description

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3.

Known Attack Vectors

A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.

Resolution

To remediate CVE-2023-34064 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Bartek Pszczola of Defendable for reporting this issue to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Workspace ONE Launcher
23.x
Android
CVE-2023-34064
moderate
23.11
N/A
None
VMware Workspace ONE Launcher
22.x
Android
CVE-2023-34064
moderate
23.11
N/A
None
4. References

Fixed Version(s) and Release Notes:

VMware Workspace ONE Launcher 23.11 Release Notes

Downloads and Documentation


https://my.workspaceone.com/products/Workspace-ONE-Launcher/Android/v23.11/awall

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/vmware-workspace-one-launcher-for-android-release-notes/index.html

 

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34064

 

FIRST CVSSv3 Calculator:

CVE-2023-34064: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2023-12-12 VMSA-2023-0027

Initial security advisory.

6. Contact

E-mail: security@vmware.com

PGP key at: 
https://kb.vmware.com/kb/1055 

VMware Security Advisories
https://www.vmware.com/security/advisories 

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html 

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html 

VMware Security & Compliance Blog  
https://blogs.vmware.com/security 

Twitter
https://twitter.com/VMwareSRC

Copyright 2023 VMware Inc. All rights reserved.