CVE-2022-23242
TeamViewer Linux - Deletion command not properly executed after process crash
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.
TeamViewer Linux versiones anteriores a 15.28, no ejecutan correctamente un comando de borrado de la contraseña de conexión en caso de bloqueo del proceso. El conocimiento del evento de bloqueo y el ID de TeamViewer, así como la posesión de la contraseña de conexión anterior al bloqueo o el acceso local autenticado a la máquina, habrían permitido establecer una conexión remota al reusar la contraseña de conexión no eliminada correctamente
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-14 CVE Reserved
- 2022-03-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-404: Improper Resource Shutdown or Release
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.teamviewer.com/en/trust-center/security-bulletins/TV-2022-1001 | 2022-03-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Teamviewer Search vendor "Teamviewer" | Teamviewer Search vendor "Teamviewer" for product "Teamviewer" | < 15.28 Search vendor "Teamviewer" for product "Teamviewer" and version " < 15.28" | linux |
Affected
| ||||||