CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34858 – TeamViewer TVS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-34858
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://community.teamviewer.com/English/discussion/117794/august-updates-security-patches/p1 https://www.zerodayinitiative.com/advisories/ZDI-21-1001 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-34803
https://notcve.org/view.php?id=CVE-2021-34803
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. TeamViewer versiones anteriores a 14.7.48644 en Windows carga DLLs no confiables en determinadas situaciones • https://community.teamviewer.com/English/discussion/111147/windows-v9-0-259145 https://community.teamviewer.com/English/discussion/111149/windows-v10-0-259144 https://community.teamviewer.com/English/discussion/111150/windows-v11-0-259143 https://community.teamviewer.com/English/discussion/111151/windows-v12-0-259142 https://community.teamviewer.com/English/discussion/111152/windows-v13-2-36222 https://community.teamviewer.com/English/discussion/111153/windows-v14-2-56678 https://community.teamviewer.com/English/di • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 20%CPEs: 2EXPL: 1CVE-2020-13699 – TeamViewer Unquoted URI Handler SMB Redirect
https://notcve.org/view.php?id=CVE-2020-13699
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. • https://github.com/Dilshan-Eranda/CVE-2020-13699 https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 https://jeffs.sh/CVEs/CVE-2020-13699.txt • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 3CVE-2019-18988 – TeamViewer Desktop Bypass Remote Login Vulnerability
https://notcve.org/view.php?id=CVE-2019-18988
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. • https://github.com/mr-r3b00t/CVE-2019-18988 https://github.com/reversebrain/CVE-2019-18988 https://community.teamviewer.com/t5/Announcements/Specification-on-CVE-2019-18988/td-p/82264 https://community.teamviewer.com/t5/Knowledge-Base/tkb-p/Knowledgebase?threadtype=label&labels=Security https://twitter.com/Blurbdust/status/1224212682594770946?s=20 https://whynotsecurity.com/blog/teamviewer - • CWE-521: Weak Password Requirements •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-19362
https://notcve.org/view.php?id=CVE-2019-19362
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges. Se detectó un problema en la funcionalidad Chat de la aplicación de escritorio TeamViewer versión 14.3.4730 en Windows. • http://nestedif.com/teamviewer-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •