Security Bulletins

TV-2024-1007

Improper access control in the clipboard synchronization feature in TeamViewer Remote full client and TeamViewer Meeting

Bulletin ID
TV-2024-1007
Issue Date
Aug 27, 2024
Last Update
Aug 27, 2024
Priority
Moderate
CVSS
4.3 (Medium)
Assigned CVE
CVE-2024-6053
Affected Products
TeamViewer Meeting
TeamViewer full client

1. Summary

A vulnerability has been discovered in TeamViewer full client and Meeting, that can lead to unintentional sharing of the clipboard in a meeting session.

2. Vulnerability Details

CVE-ID

CVE-2024-6053

Description

Improper access control in the clipboard synchronization feature in TeamViewer full client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting.

The issue has been fixed with TeamViewer full client version 15.57 and in the TeamViewer Meeting versions listed below.

CVSS3.1 Score

Base Score 4.3 (Medium)

CVSS3.1 Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Problem type

CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

3. Affected products and versions

Product
Versions
Info

TeamViewer Meeting (Windows)

< 15.55.3

Download available

TeamViewer Meeting (macOS)

< 15.55.3

Download available

TeamViewer Meeting (Android)

< 15.44.7

Download available

TeamViewer Meeting (iOS)

< 15.57

Download available

TeamViewer Remote full client (Windows)

< 15.57.3

Download available

TeamViewer Remote full client (Linux)

< 15.57.3

Download available

TeamViewer Remote full client (macOS)

< 15.57.3

Download available

4. Solutions and mitigations

  • TeamViewer full client: Update to the latest version (15.57 or higher)
  • TeamViewer Meeting: Update to the latest version (15.55.3, or highest available version)

5. Acknowledgments

We thank Christian Ritter for the discovery and the responsible disclosure.