TV-2024-1007

Security Bulletins

Bulletin ID: TV-2024-1007
Issue Date: 27 ago. 2024
Last Update: 27 ago. 2024
Prioridad: mediano
CVSS: 4.3 (Medium)
Assigned CVE: CVE-2024-6053
Affected Products: TeamViewer Meeting; TeamViewer full client

1. Summary

A vulnerability has been discovered in TeamViewer full client and Meeting, that can lead to unintentional sharing of the clipboard in a meeting session.

2. Vulnerability Details

CVE-ID	CVE-2024-6053
Description	Improper access control in the clipboard synchronization feature in TeamViewer full client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting. The issue has been fixed with TeamViewer full client version 15.57 and in the TeamViewer Meeting versions listed below.
CVSS3.1 Score	Base Score 4.3 (Medium)
CVSS3.1 Vector String	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Problem type	CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

3. Affected products and versions

Product	Versions	Info
TeamViewer Meeting (Windows)	< 15.55.3	Download available
TeamViewer Meeting (macOS)	< 15.55.3	Download available
TeamViewer Meeting (Android)	< 15.44.7	Download available
TeamViewer Meeting (iOS)	< 15.57	Download available
TeamViewer Remote full client (Windows)	< 15.57.3	Download available
TeamViewer Remote full client (Linux)	< 15.57.3	Download available
TeamViewer Remote full client (macOS)	< 15.57.3	Download available

4. Solutions and mitigations

TeamViewer full client: Update to the latest version (15.57 or higher)
TeamViewer Meeting: Update to the latest version (15.55.3, or highest available version)

5. Acknowledgments

We thank Christian Ritter for the discovery and the responsible disclosure.