Input validation error in TeamViewer

#VU35040 Input validation error in TeamViewer

Published: 2019-11-26 | Updated: 2020-08-08

Vulnerability identifier: #VU35040

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18251

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
TeamViewer
Client/Desktop applications / Other client software

Vendor: TeamViewer

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.

Mitigation
Install update from vendor's website.

Vulnerable software versions

TeamViewer: 5.0.8703_qs

External links
http://www.us-cert.gov/ics/advisories/icsa-19-318-04
http://www.zerodayinitiative.com/advisories/ZDI-19-997/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in TeamViewer