Executive Summary

Summary
Title- AirWatch updates address bypass of root detection and local data encryption
Informations
NameVMSA-2017-0001First vendor Publication2017-01-30
VendorVMwareLast vendor Modification2017-01-30
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base ScoreN/AAttack RangeN/A
Cvss Impact ScoreN/AAttack ComplexityN/A
Cvss Expoit ScoreN/AAuthenticationN/A
Calculate full CVSS 2.0 Vectors scores

Detail

a. Root detection bypass

Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection during enrollment. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.

VMware would like to thank Finn Steglich from SySS GmbH for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4895 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

b. Local data encryption bypass

Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.

VMware would like to thank Finn Steglich from SySS GmbH for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4896 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2017-0001.html

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2017-01-31 00:23:30
  • First insertion