cvebase

Teamviewer vulnerabilities

15 known vulnerabilities affecting teamviewer/teamviewer.

Total CVEs: 15
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 8, MEDIUM 4, LOW 1

Vulnerabilities

CVE-2019-18988 | P2 | HIGH | CVSS 7.0 | KEV | PoC | ≤ 14.7.1965 | 2020-02-07
CVE-2019-18988 [HIGH] CWE-521: TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know
nvd
CVE-2020-13699 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 15.8.3 | 2020-07-29
CVE-2020-13699 [HIGH] CWE-88: TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password
nvd
CVE-2010-3128 | P3 | CRITICAL | CVSS 9.3 | PoC | ≤ 5.0.8703 | v1.85 | +3 more | 2010-08-26
CVE-2010-3128 [CRITICAL]: Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.
nvd
CVE-2021-34859 | P3 | HIGH | CVSS 8.8 | v15.16.8.0 | 2021-10-25
CVE-2021-34859 [HIGH] CWE-119: This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper v
nvd
CVE-2018-16550 | P3 | CRITICAL | CVSS 9.8 | ≥ 10.0.2551, ≤ 13.2.9356 | 2018-09-05
CVE-2018-16550 [CRITICAL]: TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.
nvd
CVE-2019-18251 | P3 | HIGH | CVSS 8.8 | v5.0.8703_qs | 2019-11-26
CVE-2019-18251 [HIGH] CWE-477: In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.
nvd
CVE-2021-34858 | P3 | HIGH | CVSS 7.8 | fixed in 15.21.2 | v15.16.8.0 | 2022-01-13
CVE-2021-34858 [HIGH] CWE-125: This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation
nvd
CVE-2018-14333 | P3 | HIGH | CVSS 8.1 | ≤ 13.1.1548 | 2018-07-17
CVE-2018-14333 [HIGH] CWE-200: TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88]" and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running.
nvd
CVE-2019-11769 | P3 | HIGH | CVSS 7.8 | v14.2.2558 | 2019-09-11
CVE-2019-11769 [HIGH] CWE-522: An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process mem
nvd
CVE-2019-19362 | P4 | MEDIUM | CVSS 6.5 | v14.3.4730 | 2019-12-02
CVE-2019-19362 [MEDIUM] CWE-212: An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memo
nvd
CVE-2021-34803 | P4 | HIGH | CVSS 7.8 | fixed in 9.0.259145 | ≥ 10.0.2551, < 10.0.259144 | +5 more | 2021-06-16
CVE-2021-34803 [HIGH] CWE-427: TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.
nvd
CVE-2019-18196 | P4 | MEDIUM | CVSS 6.7 | fixed in 11.0.214397 | ≥ 12.0.0, < 12.0.214399 | +2 more | 2019-10-24
CVE-2019-18196 [MEDIUM] CWE-426: A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previ
nvd
CVE-2024-6053 | P4 | MEDIUM | CVSS 4.3 | fixed in 15.57.3 | 2024-08-28
CVE-2024-6053 [MEDIUM] CWE-359: Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting.
nvd
CVE-2022-23242 | P4 | MEDIUM | CVSS 4.2 | fixed in 15.28 | 2022-03-23
CVE-2022-23242 [MEDIUM] CWE-404: TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection
nvd
CVE-2021-35005 | P4 | LOW | CVSS 3.3 | fixed in 15.18.5.0 | v15.18.5.0 | 2022-01-24
CVE-2021-35005 [LOW] CWE-129: This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper valid
nvd