CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2024-7479 – Improper signature verification of VPN driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7479
Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service, which listens on TCP port 5939 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481 https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2024-7481 – Improper signature verification of Printer driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7481
Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service, which listens on TCP port 5939 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481 https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6053 – Improper access control in the clipboard synchronization feature
https://notcve.org/view.php?id=CVE-2024-6053
Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting. • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1007 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0819 – Incomplete protection of personal password settings
https://notcve.org/view.php?id=CVE-2024-0819
Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. La inicialización incorrecta de la configuración predeterminada en TeamViewer Remote Client, versión anterior a 15.51.5 para Windows, Linux y macOS, permite a un usuario con pocos privilegios elevar sus privilegios cambiando la configuración de la contraseña personal y estableciendo una conexión remota a una cuenta de administrador que haya iniciado sesión. • https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001 • CWE-269: Improper Privilege Management •