CVE-2024-7479 – Improper signature verification of VPN driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7479
Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service, which listens on TCP port 5939 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481 https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2024-7481 – Improper signature verification of Printer driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7481
Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service, which listens on TCP port 5939 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481 https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2024-6053 – Improper access control in the clipboard synchronization feature
https://notcve.org/view.php?id=CVE-2024-6053
Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting. • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1007 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2024-2451 – Improper fingerprint validation in the TeamViewer Client
https://notcve.org/view.php?id=CVE-2024-2451
Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading. La validación inadecuada de huellas dactilares en TeamViewer Client (Full & Host) anterior a la versión 15.54 para Windows y macOS permite a un atacante con derechos de usuario administrativo elevar aún más los privilegios mediante la descarga de archivos ejecutables. • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1004 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2024-0819 – Incomplete protection of personal password settings
https://notcve.org/view.php?id=CVE-2024-0819
Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. La inicialización incorrecta de la configuración predeterminada en TeamViewer Remote Client, versión anterior a 15.51.5 para Windows, Linux y macOS, permite a un usuario con pocos privilegios elevar sus privilegios cambiando la configuración de la contraseña personal y estableciendo una conexión remota a una cuenta de administrador que haya iniciado sesión. • https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001 • CWE-269: Improper Privilege Management •