Primary

Context

Amazon WorkSpaces Native Client Man-in-the-Middle Vulnerability

Vulnerability

Patched

A man-in-the-middle vulnerability has been identified in the native clients for Amazon WorkSpaces, specifically when using the PCoIP protocol. This issue allows an attacker to intercept and access remote WorkSpaces sessions. The vulnerability affects the Windows, macOS, Linux, and Android clients of Amazon WorkSpaces.

Impact

Exploitation of this vulnerability could lead to unauthorized access to remote WorkSpaces sessions, allowing an attacker to intercept and potentially manipulate the session's content.

Remediation

Users can upgrade to the Amazon WorkSpaces Windows client version 5.22.1 or later, the macOS client version 5.22.1 or later, the Linux client version 2024.6 or later, or the Android client version 5.0.1 or later. Instructions for downloading the latest versions are available on the AWS website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Amazon WorkSpaces Native Client Man-in-the-Middle Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Amazon WorkSpaces

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating