SB2019110703 - Multiple vulnerabilities in TeamViewer bundled with Omron CX-Supervisor




Published: November 7, 2019

Security Bulletin ID SB2019110703
Severity High
Patch available YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 20% Low 60%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Untrusted search path (CVE-ID: CVE-2010-3128)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists because the application loads a malicious .dll file via an untrusted search path. A local attacker, and possibly a remote attacker, can execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.
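A defender-side check for the condition described above, as an added example that is not part of the bulletin or of any vendor tooling: it walks a directory tree and reports every folder that holds both a file named dwmapi.dll and a .tvs or .tvc file. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

SESSION_EXTS = (".tvs", ".tvc")   # file types named in the bulletin
PLANTED_DLL = "dwmapi.dll"        # DLL name named in the bulletin


def find_planted_dll_dirs(root, dll_name=PLANTED_DLL, exts=SESSION_EXTS):
    """Return sorted (directory, dll_path, [session files]) tuples for every
    directory under root that holds both the DLL and a session file."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased.
        dlls = [f for f in filenames if f.lower() == dll_name.lower()]
        sessions = sorted(f for f in filenames if f.lower().endswith(exts))
        if dlls and sessions:
            findings.append((dirpath, os.path.join(dirpath, dlls[0]), sessions))
    return sorted(findings)


def build_constructed_tree(base):
    """Create a small constructed sample tree (empty files only)."""
    layout = {
        "share/projects": ["plant.TVS", "DWMAPI.DLL", "notes.txt"],  # flagged
        "share/archive": ["old.tvc"],                                # session file only
        "share/tools": ["dwmapi.dll"],                               # DLL only
    }
    for rel, names in layout.items():
        d = os.path.join(base, *rel.split("/"))
        os.makedirs(d)
        for n in names:
            open(os.path.join(d, n), "w").close()
    return os.path.join(base, "share")


def demo():
    """Scan the constructed tree and return findings relative to its root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_constructed_tree(tmp)
        return [(os.path.relpath(d, root), os.path.basename(p), s)
                for d, p, s in find_planted_dll_dirs(root)]


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

The legitimate dwmapi.dll ships in the Windows system directory, so a copy sitting next to session files on a share or in a download folder is worth investigating.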


2) Information disclosure (CVE-ID: CVE-2018-14333)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists because a password is stored in Unicode format within TeamViewer.exe process memory between "[00 88]" and "[00 00 00]" delimiters. A remote attacker can leverage an unattended workstation on which TeamViewer has disconnected but remains running and access arbitrary data.


3) Insufficiently protected credentials (CVE-ID: CVE-2019-11769)

The vulnerability allows a local attacker to obtain the administrator credentials.

The vulnerability exists because the admin credentials are stored in memory in clear text. A local authenticated user can inject code into "TeamViewer.exe" which intercepts calls to GetWindowTextW and logs the processed credentials.



4) Improper control of interaction frequency (CVE-ID: CVE-2018-16550)

The vulnerability allows a remote attacker to perform a brute-force attack on the target system.

The vulnerability exists because the application does not implement sufficient measures to prevent multiple failed authentication attempts. A remote attacker can bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.



5) Use of Obsolete Function (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability.


Remediation

Install the update from the vendor's website.