Security Vulnerability: Public Disclosure - June 11, 2018 (CVE-2018-6968)


VMware Workspace ONE UEM currently offers a real-time File Manager for Android and Windows Mobile/CE devices, and Task/Registry Managers for Windows Mobile/CE devices. These capabilities are independent of other File & Registry Management capabilities within the AirWatch platform such as Files/Actions through Product Provisioning and the newer File Manager inside Advanced Remote Management. These legacy File, Task & Registry Management features are built upon legacy technologies and have recently been discovered to be impacted by an urgent security vulnerability.

Due to an authorization flaw in the real-time File Manager capability for Android and Windows Mobile devices and Registry Manager for Windows Mobile devices, it is possible for a remote attacker with knowledge of specific enrolled devices within an AirWatch instance to add or remove files from a device, remotely execute commands on the device, or modify or set Registry Key values for Windows Mobile devices that are configured to use AirWatch Cloud Messaging (AWCM). This vulnerability is identified by CVE-2018-6968 and is documented in VMSA-2018-0015

The attacker does not need access to the Workspace ONE UEM Console. Access to read and store files on Android devices is limited to files within the Agent sand­­box and other publicly accessible directories such as those on the SD card. Access to files on Windows Mobile/CE devices involves the entire device directory. As noted, it is additionally possible to modify the values of registry keys or kill running tasks on Windows Mobile/CE devices.


Customer Impact

This vulnerability is resolved in the latest version of the Agent for both Android and Windows Mobile/CE devices. 

  • Customers with Android devices, navigate to Settings > Devices & Users > Android > Agent Settings - "Use AWCM Instead of C2DM/GCM As Push Notification Service"
    • If the setting is disabledyou are not affected as you are using Google Cloud Messaging (GCM).
    • If the setting is enabledyou should upgrade to Agent 8.2 for Android as you are using AirWatch Cloud Messaging (AWCM).
  • Customers with Windows Mobile/CE devices should upgrade to Agent 6.5.2 for Windows Mobile.

Through mitigation of this security vulnerability, the File, Task & Registry Management capabilities built into AWCM will be disabled in current SaaS environments over the coming weeks. Additionally, this functionality will be deprecated in future releases of the Workspace ONE UEM Console.

  • To continue using File & Task Management functionality: It is recommended to utilize File Manager within Advanced Remote Management.
  • To continue using Registry Management functionality: It is recommended to provision and install registry keys (.reg files) through product provisioning.


Required Action

Customers with Android devices using AWCM should upgrade to Agent 8.2 for Android

Customers with Windows Mobile/CE devices should upgrade their devices to Agent 6.5.2 for Windows Mobile. This can be downloaded here


Support Contact Information

To receive support, either submit a ticket via My Workspace ONE portal or call your local support line.


Best Regards,

The VMware Workspace ONE Team

Other Languages: 日本語

Have more questions? Submit a request


Article is closed for comments.