TV-2024-1007

Improper access control in the clipboard synchronization feature in TeamViewer Remote full client and TeamViewer Meeting

Bulletin ID
TV-2024-1007
Issue Date
27 sie 2024
Last Update
27 sie 2024
Priority
Moderate
CVSS
4.3 (Medium)
Assigned CVE
CVE-2024-6053
Affected Products
TeamViewer Meeting
TeamViewer full client

1. Summary

A vulnerability has been discovered in TeamViewer full client and Meeting, that can lead to unintentional sharing of the clipboard in a meeting session.

2. Vulnerability Details

CVE-ID

Description

Improper access control in the clipboard synchronization feature in TeamViewer full client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting.

The issue has been fixed with TeamViewer full client version 15.57 and in the TeamViewer Meeting versions listed below.

CVSS3.1 Score

Base Score 4.3 (Medium)

CVSS3.1 Vector String

Problem type

3. Affected products and versions

Product Versions Info

TeamViewer Meeting (Windows)

< 15.55.3

TeamViewer Meeting (macOS)

< 15.55.3

TeamViewer Meeting (Android)

< 15.44.7

TeamViewer Meeting (iOS)

< 15.57

TeamViewer Remote full client (Windows)

< 15.57.3

TeamViewer Remote full client (Linux)

< 15.57.3

TeamViewer Remote full client (macOS)

< 15.57.3

4. Solutions and mitigations

  • TeamViewer full client: Update to the latest version (15.57 or higher)
  • TeamViewer Meeting: Update to the latest version (15.55.3, or highest available version)

5. Acknowledgments

We thank Christian Ritter for the discovery and the responsible disclosure.