TeamViewer for Windows Vulnerability Let Attackers Escalate Privileges
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
TeamViewer’s Remote client software for Windows has discovered a critical security vulnerability. This vulnerability could potentially allow attackers to elevate their privileges on affected systems.
The flaw, identified as CVE-2024-7479 and CVE-2024-7481, affects multiple versions of TeamViewer’s Windows Remote full client and Remote Host products.
The vulnerability stems from improper verification of cryptographic signatures in the TeamViewer_service.exe component.
This weakness could enable an attacker with local, unprivileged access to a Windows system to escalate their privileges and install drivers. The severity of this flaw is underscored by its high CVSS3.1 base score of 8.8.
Affected versions include TeamViewer Remote full client and Remote Host for Windows versions earlier than 15.58.4 and several older major versions dating back to version 11.
TeamViewer has addressed the issue in version 15.58.4 and is urging all users to update to the latest available version immediately.
Certainly. Here’s a markdown table of the affected products and versions based on the information provided:
ProductAffected VersionsTeamViewer Remote Full Client (Windows)< 15.58.4TeamViewer Remote Full Client (Windows)< 14.7.48796TeamViewer Remote Full Client (Windows)< 13.2.36225TeamViewer Remote Full Client (Windows)< 12.0.259312TeamViewer Remote Full Client (Windows)< 11.0.259311TeamViewer Remote Host (Windows)< 15.58.4TeamViewer Remote Host (Windows)< 14.7.48796TeamViewer Remote Host (Windows)< 13.2.36225TeamViewer Remote Host (Windows)< 12.0.259312TeamViewer Remote Host (Windows)< 11.0.259311
Security researcher Peter Gabaldon, working in collaboration with Trend Micro’s Zero Day Initiative, discovered this vulnerability. TeamViewer has thanked Gabaldon for responsibly disclosing the flaw, allowing them to develop and release a patch.
Given the widespread use of TeamViewer in both corporate and personal settings, users must take immediate action. Updating to the latest version is the recommended solution to mitigate the risk posed by this vulnerability.
As remote work continues to be prevalent, ensuring the security of remote access tools remains paramount for organizations and individuals alike.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
TeamViewer for Windows Vulnerability Let Attackers Escalate Privileges
Author: Guru BaranTeamViewer’s Remote client software for Windows has discovered a critical security vulnerability. This vulnerability could potentially allow attackers to elevate their privileges on affected systems.
The flaw, identified as CVE-2024-7479 and CVE-2024-7481, affects multiple versions of TeamViewer’s Windows Remote full client and Remote Host products.
The vulnerability stems from improper verification of cryptographic signatures in the TeamViewer_service.exe component.
This weakness could enable an attacker with local, unprivileged access to a Windows system to escalate their privileges and install drivers. The severity of this flaw is underscored by its high CVSS3.1 base score of 8.8.
Affected versions include TeamViewer Remote full client and Remote Host for Windows versions earlier than 15.58.4 and several older major versions dating back to version 11.
TeamViewer has addressed the issue in version 15.58.4 and is urging all users to update to the latest available version immediately.
Certainly. Here’s a markdown table of the affected products and versions based on the information provided:
ProductAffected VersionsTeamViewer Remote Full Client (Windows)< 15.58.4TeamViewer Remote Full Client (Windows)< 14.7.48796TeamViewer Remote Full Client (Windows)< 13.2.36225TeamViewer Remote Full Client (Windows)< 12.0.259312TeamViewer Remote Full Client (Windows)< 11.0.259311TeamViewer Remote Host (Windows)< 15.58.4TeamViewer Remote Host (Windows)< 14.7.48796TeamViewer Remote Host (Windows)< 13.2.36225TeamViewer Remote Host (Windows)< 12.0.259312TeamViewer Remote Host (Windows)< 11.0.259311
Security researcher Peter Gabaldon, working in collaboration with Trend Micro’s Zero Day Initiative, discovered this vulnerability. TeamViewer has thanked Gabaldon for responsibly disclosing the flaw, allowing them to develop and release a patch.
Given the widespread use of TeamViewer in both corporate and personal settings, users must take immediate action. Updating to the latest version is the recommended solution to mitigate the risk posed by this vulnerability.
As remote work continues to be prevalent, ensuring the security of remote access tools remains paramount for organizations and individuals alike.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
