TeamViewer has closed a security hole in its remote maintenance software that is rated critical. It would allow an attacker to establish a connection to a remote system without entering any login credentials and to use that connection to probe the system or to steal data such as hashed passwords.
According to a report by Bleeping Computer, the vulnerability, tracked as CVE-2020-13699, falls into the category "Unquoted Search Path or Element" (CWE-428). In effect, the application lets part of a value that it should treat as plain input act as a command-line parameter.
An exploit for the vulnerability could be distributed via a malicious website or loaded in an iframe that is invisible to the user. With nothing more than a specially crafted URL, an attacker could then open the TeamViewer desktop client and make it establish a connection to a remote SMB share. Since the connection is initiated from the victim's machine and established via SMB, the attacker does not need to know the victim's TeamViewer password.
"Windows performs NTLM authentication when the SMB share is opened, and that request can be relayed for code execution," said security researcher Jeffrey Hofmann, who discovered the bug. Several versions of the remote maintenance software, and several of its URI handlers, are affected.
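The mechanism described above, as an added example that is not part of the original report or of TeamViewer's own code: a Python audit of what a URI handler's command template does with the URL a browser hands to it. The handler templates, the `vendorclient:` scheme, the `--load` flag and the UNC path are constructed placeholders, not TeamViewer's real registry values or the researcher's proof of concept. The argv splitter follows the Microsoft C runtime rules so the result matches what the launched process actually sees, and `read_handler_template` reads a real template from the registry on Windows so the same audit can be run against an installed handler.

```python
import sys

# Constructed sample data for this example; the paths, scheme name and
# parameter names are placeholders, not TeamViewer's actual registry values.
# Under HKEY_CLASSES_ROOT\<scheme>\shell\open\command Windows stores a command
# template in which %1 is replaced by the URL passed to the handler.
UNQUOTED_HANDLER = r'C:\Vendor\client.exe %1'      # vulnerable shape (CWE-428)
QUOTED_HANDLER = r'"C:\Vendor\client.exe" "%1"'    # hardened shape
# A URL carrying spaces and a UNC path (hypothetical scheme and flag).
CRAFTED_URL = r'vendorclient: --load \\203.0.113.5\share\file'


def split_windows_args(cmdline):
    """Split a command line into argv the way the Microsoft C runtime does:
    whitespace separates arguments unless inside double quotes, 2n backslashes
    before a quote yield n backslashes and toggle quoting, 2n+1 yield n
    backslashes plus a literal quote, and backslashes elsewhere are literal."""
    argv, cur, in_quotes, have_arg = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        c = cmdline[i]
        if c == '\\':
            j = i
            while j < n and cmdline[j] == '\\':
                j += 1
            count = j - i
            if j < n and cmdline[j] == '"':
                cur.append('\\' * (count // 2))
                if count % 2:
                    cur.append('"')          # escaped literal quote
                else:
                    in_quotes = not in_quotes
                i = j + 1
            else:
                cur.append('\\' * count)     # plain path separators
                i = j
            have_arg = True
        elif c == '"':
            in_quotes = not in_quotes
            have_arg = True
            i += 1
        elif c in ' \t' and not in_quotes:
            if have_arg:
                argv.append(''.join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(c)
            have_arg = True
            i += 1
    if have_arg:
        argv.append(''.join(cur))
    return argv


def audit_uri_handler(template, url):
    """Expand a handler template with a URL and report what the launched
    process would see in argv. A correctly quoted handler delivers the whole
    URL as argv[1]; extra entries mean URL content became separate parameters."""
    argv = split_windows_args(template.replace('%1', url))
    return {
        'quoted': '"%1"' in template,
        'argv': argv,
        'url_intact': len(argv) == 2 and argv[1] == url,
    }


def read_handler_template(scheme):
    """On Windows, read the real command template for a URI scheme from the
    registry; returns None elsewhere or if the scheme is not registered."""
    if sys.platform != 'win32':
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT,
                            rf'{scheme}\shell\open\command') as key:
            return winreg.QueryValue(key, None)
    except OSError:
        return None


if __name__ == '__main__':
    for label, template in (('unquoted', UNQUOTED_HANDLER), ('quoted', QUOTED_HANDLER)):
        print(label, audit_uri_handler(template, CRAFTED_URL))
```

Two caveats when using this against a real handler. Quoting `%1` stops whitespace in the URL from producing extra parameters, but a double quote inside the URL would still close the quoted argument, so the handler should also validate what it receives rather than rely on the template alone. And the splitter models the C runtime, not the percent-encoding a particular browser applies before calling the handler, so feed it the string the browser actually hands over.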
TeamViewer confirmed the bug in its Windows software in a statement and announced a patch: "Today we are releasing some updates for TeamViewer 8 to 15 for the Windows platform." TeamViewer also thanked Hofmann, who in turn confirmed the fix the company had developed.
Users of TeamViewer for Windows should update their client as soon as possible. Versions 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350 and 15.8.3, and anything newer, contain the fix.