1. Summary
A vulnerability has been discovered in the TeamViewer Remote clients for Windows which allows local privilege escalation on a Windows system.
2. Vulnerability Details
| CVE-ID | |
|---|---|
| Description | Improper verification of cryptographic signature in the TeamViewer_service.exe component of TeamViewer Remote full client & Host prior to version 15.58.4 (and additional versions listed below) for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. To exploit this vulnerability, an attacker needs local access to the Windows system. The vulnerability has been fixed with version 15.58.4 and additional versions listed below. We recommend updating to the latest available version. |
| CVSS3.1 Score | Base Score 8.8 (High) |
| CVSS3.1 Vector String | |
| Problem type | |
3. Affected products and versions
| Product | Versions | Info |
|---|---|---|
| TeamViewer Full Client (Windows) | < 15.58.4 | |
| TeamViewer Full Client (Windows) | < 14.7.48796 | |
| TeamViewer Full Client (Windows) | < 13.2.36225 | |
| TeamViewer Full Client (Windows) | < 12.0.259312 | |
| TeamViewer Full Client (Windows) | < 11.0.259311 | |
| TeamViewer Host (Windows) | < 15.58.4 | |
| TeamViewer Host (Windows) | < 14.7.48796 | |
| TeamViewer Host (Windows) | < 13.2.36225 | |
| TeamViewer Host (Windows) | < 12.0.259312 | |
| TeamViewer Host (Windows) | < 11.0.259311 | |
4. Solutions and mitigations
Update to the latest version (15.58.4 or the latest version available)
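As an added example (not TeamViewer's code), the per-branch fixed versions from section 3 can be applied to a software inventory export to find Windows hosts that still need the update. The CSV columns, host names and sample versions are constructed for illustration; only the version thresholds and product names come from this advisory.

```python
import csv
import io
import re

# Fixed version per major branch, from the advisory's section 3 table.
FIXED = {15: (15, 58, 4), 14: (14, 7, 48796), 13: (13, 2, 36225),
         12: (12, 0, 259312), 11: (11, 0, 259311)}
# Products in scope according to the advisory (Windows only).
PRODUCTS = {"teamviewer full client", "teamviewer host"}

def classify(version):
    """Return 'affected', 'fixed', 'unlisted' (branch not in the advisory) or 'unparseable'."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text, flags=re.ASCII):
        return "unparseable"
    v = tuple(int(p) for p in text.split("."))
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "unlisted"
    # Pad with zeros so a short string such as "15.58" compares as 15.58.0.
    v += (0,) * (len(fixed) - len(v))
    return "affected" if v < fixed else "fixed"

def triage(inventory_csv):
    """Map each in-scope host to its status; rows for other products are skipped."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() in PRODUCTS:
            result[row["host"]] = classify(row["version"])
    return result

# Constructed sample inventory (assumed columns: host, product, version).
SAMPLE = """host,product,version
ws-01,TeamViewer Full Client,15.57.5
ws-02,TeamViewer Full Client,15.58.4
srv-01,TeamViewer Host,13.2.36224
srv-02,TeamViewer Host,14.7.48796
kiosk-01,TeamViewer Host,10.0.47484
ws-03,TeamViewer Full Client,unknown
ws-04,Other Remote Tool,1.0.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted` or `unparseable` need manual review, since the advisory's table does not cover their version.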
5. Acknowledgments
We thank Peter Gabaldon (https://pgj11.com/) working with Trend Micro Zero Day Initiative for the discovery and the responsible disclosure.