CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11769
https://notcve.org/view.php?id=CVE-2019-11769
An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials. • https://blog.to.com/advisory-teamviewer-cve-2019-11769-2 https://community.teamviewer.com/t5/Knowledge-Base/tkb-p/Knowledgebase?type=label&labels=Security • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16550
https://notcve.org/view.php?id=CVE-2018-16550
TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN. TeamViewer, desde las versiones 10.x hasta las 13.x, permite que atacantes remotos omitan el mecanismo de protección de autenticación por fuerza bruta saltando el paso "Cancel", lo que facilita la adivinación del valor correcto del PIN de 4 dígitos por defecto. • https://twitter.com/vah_13/status/1036894081350291457 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14333
https://notcve.org/view.php?id=CVE-2018-14333
TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running. TeamViewer hasta la versión 13.1.1548 almacena una contraseña en formato Unicode en la memoria del proceso TeamViewer.exe entre los delimitadores "[00 88]" y "[00 00 00]", lo que podría facilitar que los atacantes obtengan información sensible aprovechando una estación de trabajo sin atender en la que TeamViewer se ha desconectado, pero sigue en ejecución. • https://github.com/vah13/extractTVpasswords • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 2%CPEs: 5EXPL: 2CVE-2010-3128 – TeamViewer 5.0.8703 - 'dwmapi.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3128
Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file. Vulnerabilidad de ruta de búsqueda no confiable en TeamViewer v5.0.8703 y anteriores permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro de DLL, a través de un troyano dwmapi.dll que está ubicado en la misma carpeta que un fichero .tvs o .tvc. • https://www.exploit-db.com/exploits/14734 http://secunia.com/advisories/41112 http://www.exploit-db.com/exploits/14734 http://www.securityfocus.com/archive/1/513317/100/0/threaded http://www.vupen.com/english/advisories/2010/2174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6773 •