Workspace One Tunnel
Monthly
Local privilege escalation in Omnissa Workspace ONE Tunnel for Windows lets an authenticated low-privileged local user abuse a path-traversal weakness (CWE-22) to gain higher (likely SYSTEM) privileges on the endpoint. The flaw affects the Windows Tunnel client used for per-app VPN in Workspace ONE managed fleets; no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is high across confidentiality, integrity, and availability, but exploitation is confined to attackers who already have a local foothold on the machine.
Local privilege escalation in Omnissa Workspace ONE Tunnel for Windows lets an authenticated low-privileged local user abuse a path-traversal weakness (CWE-22) to gain higher (likely SYSTEM) privileges on the endpoint. The flaw affects the Windows Tunnel client used for per-app VPN in Workspace ONE managed fleets; no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is high across confidentiality, integrity, and availability, but exploitation is confined to attackers who already have a local foothold on the machine.