PT-2022-2059 · Teamviewer · Teamviewer
Weaponshotgun +1 · Published 2022-01-14 · Updated 2022-03-29 · CVE-2022-23242
CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TeamViewer Linux versions prior to 15.28
Description
The issue is related to improper execution of a deletion command for the connection password in case of a process crash. An attacker could establish a remote connection by reusing the not properly deleted connection password if they have knowledge of the crash event, the TeamViewer ID, and either possession of the pre-crash connection password or local authenticated access to the machine. The vulnerability is also associated with resource release errors, which could allow an attacker to elevate their privileges.
Recommendations
For TeamViewer Linux versions prior to 15.28, update to version 15.28 or later to resolve the issue. As a temporary workaround, consider restricting local authenticated access to the machine and ensuring that connection passwords are securely managed to minimize the risk of exploitation.
Fix
Improper Access Control
Improper Resource Release
Related Identifiers
Affected Products
Teamviewer