Main Vulnerability Database Vulnerabilities #VU35040

Input validation error in TeamViewer Remote Full Client for Windows - CVE-2019-18251

Published: November 26, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35040

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-18251

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TeamViewer

Affected software:
TeamViewer Remote Full Client for Windows

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.

How to mitigate CVE-2019-18251

Install update from vendor's website.

Sources

https://www.us-cert.gov/ics/advisories/icsa-19-318-04
https://www.zerodayinitiative.com/advisories/ZDI-19-997/

Input validation error in TeamViewer Remote Full Client for Windows - CVE-2019-18251

Detailed vulnerability description

How to mitigate CVE-2019-18251

Sources

Please verify you're human