Airwatch Agent
CVE-2017-4895
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.
AnalysisAI
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.
Technical ContextAI
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data. Affected products include: Vmware Airwatch Agent, Vmware Airwatch Inbox.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Airwatch Agent
View allThe VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today