Vulnerability in TeamViewer

Risk Level: Medium

Systems Affected

TeamViewer versions prior to 15.8.3

Overview

An attacker could run TeamViewer with arbitrary parameters on the targeted system.

Description

This vulnerability in TeamViewer is caused by improper quoting in its custom URI handlers. TeamViewer is a program that can be used for desktop sharing, online meetings, web conferencing, and file transfer between systems. An attacker could use this vulnerability to force the program to relay an NTLM authentication request to the attacker’s system, allowing offline rainbow table attacks and brute force cracking attempts.

An attacker could also cause further damage using credentials stolen through successful exploitation of this vulnerability.
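
A defender-side check for the two conditions described above, added here as an example and not taken from the vendor or this advisory: it flags installs older than 15.8.3 and URI handler commands that pass the URL placeholder `%1` outside double quotes. It assumes the handler command strings have already been exported from the registry; the scheme names, install path and inventory format are constructed placeholders.

```python
import re

FIXED_VERSION = (15, 8, 3)  # advisory: versions prior to 15.8.3 are affected


def parse_version(text):
    """Turn '15.8.2' into (15, 8, 2); missing components count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    # Numeric comparison, so 15.10.1 is correctly newer than 15.8.3.
    return parse_version(version) < FIXED_VERSION


def has_unquoted_placeholder(command):
    """True if any %1 in a handler command sits outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(command):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "%" and command[i + 1:i + 2] == "1" and not in_quotes:
            return True
    return False


def audit(version, handlers):
    """Return findings for one host: outdated version, unquoted handlers."""
    findings = []
    if is_affected(version):
        findings.append(f"version {version} is older than 15.8.3")
    for scheme, command in sorted(handlers.items()):
        if has_unquoted_placeholder(command):
            findings.append(f"handler '{scheme}' passes %1 unquoted")
    return findings


# Constructed inventory data (scheme names and install path are placeholders).
EXE = r'"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"'
SAMPLE = {
    "example-scheme-a": EXE + ' "%1"',  # placeholder quoted
    "example-scheme-b": EXE + " %1",    # placeholder unquoted
}

if __name__ == "__main__":
    for line in audit("15.8.2", SAMPLE):
        print(line)
```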

Impact

✻ Exposing confidential information to unauthorized parties
✻ Disruption to your day to day operations

Solution/ Workarounds

✻ Apply the latest update as mentioned in the vendor advisory Statement on CVE 2020-13699
✻ Refrain from clicking links received from unknown or un-trusted sources

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.