Details of the Vulnerability
TeamViewer’s Remote client software for Windows has recently been found to contain a significant security vulnerability that could allow malicious actors to elevate their privileges on compromised systems. The flaw is tracked as CVE-2024-7479 and CVE-2024-7481 and impacts various versions of TeamViewer’s Windows Remote full client and Remote Host products.
The root cause is inadequate verification of cryptographic signatures within the TeamViewer_service.exe component. This oversight could permit an attacker with local, unprivileged access to a Windows system to escalate their privileges and potentially install unauthorized drivers. The issue carries a high CVSS 3.1 base score of 8.8.
Affected products and versions:
- TeamViewer Remote Full Client (Windows): < 15.58.4
- TeamViewer Remote Full Client (Windows): < 14.7.48796
- TeamViewer Remote Full Client (Windows): < 13.2.36225
- TeamViewer Remote Full Client (Windows): < 12.0.259312
- TeamViewer Remote Full Client (Windows): < 11.0.259311
- TeamViewer Remote Host (Windows): < 15.58.4
- TeamViewer Remote Host (Windows): < 14.7.48796
- TeamViewer Remote Host (Windows): < 13.2.36225
- TeamViewer Remote Host (Windows): < 12.0.259312
- TeamViewer Remote Host (Windows): < 11.0.259311
In response to this discovery, TeamViewer has released version 15.58.4 to address the issue and is urging all users to upgrade to the latest version without delay.
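The version list above can be turned into a fleet triage check; the following is an added example, not code from TeamViewer or from this article. The inventory rows and host names are constructed, and reporting branches outside 11 to 15 as "not-listed" is an assumption, since the list gives no threshold for them.

```python
import re

# Per-branch first fixed versions, taken from the "<" thresholds in the list above.
FIXED = {
    15: (15, 58, 4),
    14: (14, 7, 48796),
    13: (13, 2, 36225),
    12: (12, 0, 259312),
    11: (11, 0, 259311),
}

def parse_version(text):
    """Parse a dotted version such as '15.57.5' into a tuple of ints."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Assumption: the list gives no threshold for this branch, so flag it
        # for manual review instead of guessing.
        return "not-listed"
    # Pad with zeros so '15.58' compares as 15.58.0 and '15.58.4.0' as 15.58.4.
    width = max(len(version), len(fixed))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    return "affected" if version < fixed else "fixed"

def triage(inventory):
    """Map each status to the hosts in (host, version) rows that have it."""
    report = {}
    for host, version_text in inventory:
        report.setdefault(classify(version_text), []).append(host)
    return report

# Constructed inventory rows; host names are hypothetical.
SAMPLE_INVENTORY = [
    ("ws-001", "15.57.5"), ("ws-002", "15.58.4"), ("ws-003", "14.7.48795"),
    ("srv-01", "11.0.259311"), ("kiosk-7", "10.0.47484"), ("lab-02", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "not-listed" or "unparseable" need manual review rather than being assumed safe.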
This vulnerability was uncovered by security researcher Peter Gabaldon, in partnership with Trend Micro’s Zero Day Initiative. TeamViewer has expressed gratitude to Gabaldon for responsibly disclosing the flaw, which enabled them to develop and implement a timely patch.
Given the extensive use of TeamViewer across both corporate and personal environments, it is crucial for users to act swiftly. Updating to the most recent version is the best course of action to mitigate the risks associated with this vulnerability.
As remote work continues to thrive, the security of remote access tools remains a top priority for organizations and individuals alike.