Peter Gabaldon

**Name of the Vulnerable Software and Affected Versions** CashDro 3 version 24.01.00.26 **Description** The web administration panel allows the use of numeric PINs for user authentication to maintain compatibility with POS software integrations deployed since 2012. This implementation enables attackers to perform brute-force attacks by attempting various PINs without triggering an account lockout. Successful exploitation can lead to unauthorized access to confidential configuration settings. **Recommendations** For version 24.01.00.26, disable the use of numeric PINs for authentication or implement account lockout mechanisms to prevent brute-force attempts.

**Name of the Vulnerable Software and Affected Versions** CashDro 3 version 24.01.00.26 **Description** The web administration panel contains an authorization bypass due to a lack of backend authorization controls, which relies solely on the frontend for security. An attacker can escalate privileges and gain full administrative access by modifying the binary string in the `Permissions` field of the JSON response. This allows all restrictions to be bypassed and compromises system management. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TeamViewer Remote Clients versions prior to 15.58.4 for Windows **Description** The issue is related to improper verification of cryptographic signature during the installation of a VPN driver via the TeamViewer service.exe component. This allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. The vulnerability is actively exploited. **Recommendations** For TeamViewer Remote Clients versions prior to 15.58.4 for Windows, update to version 15.58.4 or later to resolve the issue. As a temporary workaround, consider disabling the TeamViewer service.exe component until a patch is applied. Restrict access to the TeamViewer service.exe component to minimize the risk of exploitation. Avoid using the VPN driver installation feature in TeamViewer until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TeamViewer Remote Clients versions prior to 15.58.4 **Description** The issue is related to improper verification of cryptographic signatures during the installation of a printer driver via the TeamViewer service.exe component. This allows an attacker with local unprivileged access on a Windows system to elevate their privileges. The vulnerability can be exploited to install drivers, potentially leading to further system compromise. **Recommendations** For versions prior to 15.58.4, update to version 15.58.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the TeamViewer service.exe component until a patch is applied. Additionally, avoid installing any printer drivers via this component until the issue is resolved.