TV-2024-1006

Improper signature verification of driver installation in TeamViewer Remote clients

Bulletin ID
TV-2024-1006
Issue Date
25 thg 9, 2024
Last Update
25 thg 9, 2024
Priority
Important
CVSS
8.8 (High)
Assigned CVE
CVE-2024-7479, CVE-2024-7481
Affected Products
TeamViewer Remote
TeamViewer Tensor

1. Summary

A vulnerability has been discovered in the TeamViewer Remote clients for Windows which allows local privilege escalation on a Windows system.

2. Vulnerability Details

CVE-ID

Description

Improper verification of cryptographic signature in the TeamViewer_service.exe component of TeamViewer Remote full client & Host prior version 15.58.4 (and additional versions listed below) for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.

 

To exploit this vulnerability, an attacker needs local access to the Windows system.  

 

The vulnerability has been fixed with version 15.58.4 and additional versions listed below. We recommend updating to the latest available version.

CVSS3.1 Score

Base Score 8.8 (High)

CVSS3.1 Vector String

Problem type

3. Affected products and versions

Product Versions Info

TeamViewer Full Client (Windows)

< 15.58.4

TeamViewer Full Client (Windows)

< 14.7.48796

TeamViewer Full Client (Windows)

< 13.2.36225

TeamViewer Full Client (Windows)

< 12.0.259312

TeamViewer Full Client (Windows)

< 11.0.259311

TeamViewer Host (Windows)

< 15.58.4

TeamViewer Host (Windows)

< 14.7.48796

TeamViewer Host (Windows)

< 13.2.36225

TeamViewer Host (Windows)

< 12.0.259312

TeamViewer Host (Windows)

< 11.0.259311

4. Solutions and mitigations

Update to the latest version (15.58.4 or the latest version available)

5. Acknowledgments

We thank Peter Gabaldon (https://pgj11.com/) working with Trend Micro Zero Day Initiative for the discovery and the responsible disclosure.