Skip to main content

Teamviewer CVE-2022-23242

MEDIUM
Improper Resource Shutdown or Release (CWE-404)
2022-03-23 psirt@teamviewer.com
4.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.2 MEDIUM
AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 23, 2022 - 16:15 nvd
MEDIUM 4.2

DescriptionNVD

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.

AnalysisAI

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-404. TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password. Affected products include: Teamviewer. Version information: before 15.28.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-13699 HIGH POC
8.8 Jul 29

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. Rated high severity (CVSS

CVE-2018-14333 HIGH POC
8.1 Jul 17

TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] a

CVE-2019-19362 MEDIUM POC
6.5 Dec 02

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. Rated medi

CVE-2018-16550 CRITICAL
9.8 Sep 05

TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by sk

CVE-2021-34859 HIGH
8.8 Oct 25

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0.

CVE-2019-18251 HIGH
8.8 Nov 26

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. Rate

CVE-2021-34803 HIGH
7.8 Jun 16

TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. Rated high severity (CVSS 7.8), this

CVE-2019-11769 HIGH
7.8 Sep 11

An issue was discovered in TeamViewer 14.2.2558. Rated high severity (CVSS 7.8), this vulnerability is low attack comple

CVE-2019-18196 MEDIUM
6.7 Oct 24

A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397),

CVE-2024-6053 MEDIUM
4.3 Aug 28

Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamV

Share

CVE-2022-23242 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy