Reference: Advisory #2020-026
Version: 1.0
Affected software: TeamViewer versions prior to 15.8.3
Type: Brute-Forcing
CVE/CVSS: CVE-2020-13699
Sources:
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
https://jeffs.sh/CVEs/CVE-2020-13699.txt
https://www.helpnetsecurity.com/2020/08/06/cve-2020-13699/
https://nvd.nist.gov/vuln/detail/CVE-2020-13699
Risks
Successful exploitation of this high-risk vulnerability could allow a remote attacker to crack users' passwords and, consequently, lead to further system exploitation. This vulnerability affects government entities as well as large, medium and small businesses.
Description
TeamViewer is an application used for remote control, desktop sharing, online meetings, web conferencing and file transfer between systems. The vulnerability is due to the program not properly quoting its custom Uniform Resource Identifier (URI) handlers, and it could be exploited when a user visits a malicious website. An attacker could embed in a website a malicious iframe containing a crafted URL that launches the TeamViewer desktop client and forces it to open a remote SMB share. Windows then sends an NTLM authentication request to the attacker's system, enabling offline rainbow-table attacks and brute-force cracking attempts.
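The root cause described above, an unquoted URL placeholder in a custom URI handler's command line, is a class of bug that administrators can audit for locally. The following PowerShell script is an added example, not CERT.be's or TeamViewer's code: it enumerates every protocol handler registered under HKEY_CLASSES_ROOT and reports those whose shell\open\command passes the %1 placeholder without surrounding quotes. It is deliberately generic: it does not assume any particular scheme name or registry path for TeamViewer, since the advisory gives none.

```powershell
# Added example (not from the advisory or from TeamViewer): audit registered URI
# handlers for an unquoted URL placeholder. Run in an elevated PowerShell session
# on the Windows host being assessed.

function Get-UnquotedUriHandlers {
    [CmdletBinding()]
    param()

    # Protocol handlers are HKCR subkeys that carry a (usually empty) "URL Protocol" value.
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
        Where-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            ($null -ne $p) -and ($p.PSObject.Properties.Name -contains 'URL Protocol')
        } |
        ForEach-Object {
            $scheme = $_.PSChildName
            $cmdKey = Join-Path $_.PSPath 'shell\open\command'
            if (-not (Test-Path $cmdKey)) { return }

            # The command line is the key's default value; Get-ItemProperty exposes it as "(default)".
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrWhiteSpace($cmd)) { return }

            # A safely registered handler wraps the placeholder in quotes:  "...\app.exe" "%1"
            # An unsafe one passes it bare:                                   "...\app.exe" %1
            # With a bare %1, a browser-supplied URL can contribute extra arguments to the
            # command line, which is the behaviour the advisory describes.
            $hasPlaceholder = $cmd -match '%1'
            $isQuoted       = $cmd -match '"%1"'

            if ($hasPlaceholder -and -not $isQuoted) {
                [pscustomobject]@{
                    Scheme  = $scheme
                    Command = $cmd
                    Finding = 'URL placeholder %1 is not quoted'
                }
            }
        }
}

# Usage: list every protocol handler whose command line passes %1 unquoted.
Get-UnquotedUriHandlers | Format-Table -AutoSize
```

An empty result means no registered handler passes %1 bare; any row returned is worth reviewing against the vendor's fixed version, since the permanent fix is the update the advisory recommends, not editing the registry by hand. Because the described impact relies on the client reaching a remote SMB share, blocking outbound SMB (TCP 445) from workstations to untrusted networks at the perimeter is a complementary control that limits NTLM authentication leaving the organisation while patching is rolled out.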
Recommended Actions
CERT.be recommends that system administrators update their software to the most recent version available (at least version 15.8.4).
References