PT-2018-12448 · Teamviewer · Teamviewer

Vah13

Published

2018-07-17

Updated

2018-09-17

CVE-2018-14333

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TeamViewer versions prior to 13.1.1548

Description The issue allows attackers to potentially obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running. This is due to the storage of a password in Unicode format within the TeamViewer.exe process memory.

Recommendations For versions prior to 13.1.1548, update to version 13.1.1548 or later to resolve the issue. As a temporary workaround, consider restricting access to workstations where TeamViewer is running to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-14333

Affected Products

Teamviewer

PT-2018-12448 · Teamviewer · Teamviewer

CVE-2018-14333

Weakness Enumeration

Related Identifiers

Affected Products

References · 3