1. Summary

A vulnerability has been found in the TeamViewer Remote client between version 15.41 and 15.42.7 that allows an unprivileged user to make unwanted changes to the basic local device settings. This only affects users who configured options to be locked. The bug has been fixed with version 15.42.8. We recommend users relying on this feature to update the TeamViewer Remote client as soon as possible

2. Vulnerability Details

CVE-ID	CVE-2023-0837
————————–	——————————————————————————————————————
Description	In TeamViewer Remote between version 15.41 and 15.42.7 the basic device settings can be accessed by users even if these have been locked by the administrator. An unprivileged user with access to the device can change the basic settings, which can result in unwanted changes to the configuration. This does not apply to advanced settings, which have always been properly protected if options were locked.
————————–	——————————————————————————————————————
CVSS3.0 Score	Base Score 6.6 (medium)
————————–	——————————————————————————————————————
CVSS3.0 Vector String	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
————————–	——————————————————————————————————————
Problem type	CWE-285: Improper Authorization

 

3. Affected products & versions

Product	Versions	Info
————————–	————————————–	————————————————————————–
TeamViewer Remote Client	15.41 – 15.42.7	Update available
————————–	————————————–	————————————————————————–

4. Solutions & mitigations

Update to the latest version (15.42.8 or higher)

5. Additional Resources

Protect TeamViewer options:

https://community.teamviewer.com/English/kb/articles/109271-protect-teamviewer-options

Download resources:

https://www.teamviewer.com/en/download/

6. Acknowledgments

We thank Paul Curran (iFacility) very much for his contribution and responsible behavior.