Security Bulletins

TV-2024-1002

Improper symlink resolution in TeamViewer Remote client for macOS

Bulletin ID
TV-2024-1002
Issue Date
Mar 26, 2024
Last Update
Mar 26, 2024
Priority
Moderate
CVSS
7.1 (high)
Assigned CVE
CVE-2024-1933
Affected Products
TeamViewer Remote client

1. Summary

A symlink vulnerability has been found in TeamViewer client for macOS prior version 15.52. The vulnerability has been fixed with version 15.52.

2. Vulnerability Details

CVE-ID

CVE-2024-1933

Description

It was discovered that the Teamviewer client prior Version 15.52 for macOS is vulnerable to a symlink attack. An attacker with unprivileged access to the system could potentially elevate privileges or conduct a denial-service-attack. The vulnerability has been fixed with version 15.52. We strongly recommend users to update their TeamViewer macOS clients immediately.

CVSS3.0 Score

Base Score 7.1 (High)

CVSS3.1 Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Problem type

CWE-61: UNIX Symbolic Link (Symlink) Following

3. Affected products & versions

Product
Versions
Info

Teamviewer Remote client

< 15.52

Update available

4. Solutions and mitigations

Update to the latest version of TeamViewer client for macOS (15.52 or higher).

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.