TeamViewer versions prior to 15.8.3
An attacker could run TeamViewer with arbitrary parameters on the targeted system.
This vulnerability resides in TeamViewer due to improper quote of its custom URI handlers. TeamViewer is a program that can be used for desktop sharing, online meetings, web conferencing, and file transfer between systems. An attacker could use this vulnerability to force the program to relay an NTLM authentication request to the attacker’s system allowing for offline rainbow table attacks and brute force cracking attempts.
Attacker also could do more damage due to stolen credentials from the successful exploitation of this vulnerability.
✻ Exposing confidential information to unauthorized parties
✻ Disruption to your day to day operations
✻ Apply the latest update as mentioned in the vendor advisory https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
✻ Refrain from clicking links received from unknown or un-trusted sources
The information provided herein is on “as is” basis, without warranty of any kind.