TeamViewer · TeamViewer · CVE-2025-36537
Name of the Vulnerable Software and Affected Versions:
TeamViewer versions prior to 15.67
Description:
The issue is an incorrect permission assignment for a critical resource in the TeamViewer Client, which allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via the MSI rollback mechanism. This vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management. It is estimated that over 15,000 instances are affected.
Recommendations:
For versions prior to 15.67, update to version 15.67 or later to resolve the issue. As a temporary workaround until the update is applied, consider restricting access to the Remote Management features (Backup, Monitoring, and Patch Management). Avoid using the vulnerable MSI rollback mechanism in the affected TeamViewer Client versions.
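To apply the recommendation across a fleet, the following added example (not part of the original advisory or of any TeamViewer tooling) triages a software-inventory export against the 15.67 threshold and prioritises hosts that use the affected Remote Management features. The CSV layout, column names and host names are assumptions constructed for illustration.

```python
import csv
import io
import re

FIXED = (15, 67)  # first fixed version named in the advisory
# The only features the advisory lists as affected
RM_FEATURES = {"backup", "monitoring", "patch management"}

# Constructed sample export; the columns host,version,features are an assumption
SAMPLE_INVENTORY = """host,version,features
ws-01,15.66.5,Monitoring;Patch Management
ws-02,15.67,Backup
ws-03,15.9.4,
ws-04,15.67.3,Monitoring
ws-05,unknown,Backup
"""

def parse_version(text):
    """Return a dotted-numeric version as a tuple of ints, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text, re.ASCII):
        return None
    return tuple(int(part) for part in text.split("."))

def triage(inventory_csv):
    """Map each host to 'patched', 'update', 'update-first' or 'unknown'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["version"])
        features = {f.strip().lower() for f in row["features"].split(";") if f.strip()}
        if version is None:
            status = "unknown"        # unparsable version: verify by hand
        elif version >= FIXED:
            status = "patched"        # 15.67 or later
        elif features & RM_FEATURES:
            status = "update-first"   # old build with an affected feature in use
        else:
            status = "update"         # old build, no affected feature recorded
        result[row["host"]] = status
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 15.9.4 above 15.67 and report that host as patched.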