
TeamViewer flaw could be exploited to crack users’ password
2020-08-06 09:48

A high-risk vulnerability in TeamViewer for Windows could be exploited by remote attackers to crack users' passwords and could lead to further system exploitation.

TeamViewer is an application developed by German company TeamViewer GmbH and is available for Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT, Windows Phone 8 and BlackBerry operating systems.

CVE-2020-13699 is a security weakness arising from an unquoted search path or element - more specifically, it's due to the application not properly quoting its custom URI handlers - and could be exploited when the system with a vulnerable version of TeamViewer installed visits a maliciously crafted website.

"An attacker could embed a malicious iframe in a website with a crafted URL that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share," explained Jeffrey Hofmann, a security engineer with Praetorian, who discovered and responsibly disclosed the flaw.

According to the company, the vulnerability affects TeamViewer versions 8 through 15 for the Windows platform.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/c4pu1mChmr4/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-07-29 | CVE-2020-13699 | Argument Injection or Modification vulnerability in Teamviewer. TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. (network, low complexity, teamviewer, CWE-88) | 8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Teamviewer 3 1 5 8 1 15