Critical Privilege Escalation Vulnerabilities Discovered in TeamViewer Remote Clients for Windows

On September 25, 2024, TeamViewer published a security bulletin (TV-2024-1006) detailing two high-severity vulnerabilities in their Windows client software. The flaws, tracked as CVE-2024-7479 and CVE-2024-7481, stem from improper verification of cryptographic signatures during the installation of VPN and printer drivers. These vulnerabilities could allow an attacker with local unprivileged access to escalate their privileges and install potentially malicious drivers on the affected Windows system.

Given the widespread use of TeamViewer for remote access and support in both personal and enterprise environments, these vulnerabilities pose a significant risk. Organizations and individuals using vulnerable versions of TeamViewer should take immediate action to update their software and mitigate the potential for exploitation.

About TeamViewer

TeamViewer is a comprehensive remote access and support platform that enables users to connect to and control computers and mobile devices from anywhere in the world. It offers a wide range of features including:

TeamViewer is widely used by IT professionals, support teams, and individuals for various purposes such as remote work, technical support, and collaboration. The software is available in both free and paid versions, with the latter offering additional features and capabilities for enterprise use.Summary of the Vulnerabilities

Let's examine the details of the two vulnerabilities affecting TeamViewer:

CVE-2024-7479

CVE-2024-7481

Both vulnerabilities stem from a common issue: improper verification of cryptographic signatures in the TeamViewer_service.exe component. This flaw affects the installation process of VPN and printer drivers, respectively.

The root cause of these vulnerabilities is related to CWE-347: Improper Verification of Cryptographic Signature. This weakness occurs when an application does not properly check the cryptographic signature of drivers or other critical components before installation or execution.

In the case of TeamViewer, the vulnerable versions of the software fail to adequately verify the signatures of VPN and printer drivers during the installation process. This oversight allows an attacker with local access to potentially install unsigned or maliciously signed drivers, bypassing Windows security mechanisms designed to prevent the installation of untrusted drivers.

Impact of the Vulnerabilities

The impact of these vulnerabilities is significant, as evidenced by their high CVSS score of 8.8. Here's a breakdown of the potential consequences:

4. Data Theft: Elevated privileges and kernel-level access could allow an attacker to access and exfiltrate sensitive data from the compromised system.

5. Lateral Movement: In a networked environment, a compromised system could serve as a starting point for lateral movement, potentially leading to a wider breach.

It's important to note that these vulnerabilities require local access to exploit. While this somewhat limits the attack surface, it doesn't diminish the severity of the flaws, especially in shared or compromised environments.

Products Affected by the Vulnerabilities

The vulnerabilities affect multiple versions of TeamViewer's Windows client applications. Here's a comprehensive list of the affected products and versions:

Additionally, the security bulletin mentions that TeamViewer Remote and TeamViewer Tensor products are affected, though specific version information for these products is not provided in the available documentation.

It's worth noting that only Windows versions of TeamViewer are affected by these vulnerabilities. TeamViewer clients for other operating systems (e.g., macOS, Linux, mobile platforms) are not mentioned in the security advisory and are presumed to be unaffected.

How to Fix the Vulnerabilities?

TeamViewer has addressed CVE-2024-7479 and CVE-2024-7481 by releasing updated versions of their software. The primary solution is to update all affected TeamViewer products to version 15.58.4 or later. To facilitate this process, users should enable automatic updates within TeamViewer. This can be done by navigating to "Extras" > "Options" > "General" and checking the box for "Auto update TeamViewer to the latest version."

For environments where automatic updates are not feasible, manual updates can be performed by downloading the latest version from the official TeamViewer website. After updating, it's crucial to verify that the installation has been successfully updated to a non-vulnerable version. This can be done by checking the TeamViewer version information in the "About" section of the application.

By following these steps, you can mitigate the risk posed by CVE-2024-7479 and CVE-2024-7481. It's crucial to address these vulnerabilities promptly, as they could be exploited by attackers to gain elevated privileges on affected systems.

We hope this post helps learn about the details of CVE-2024-7479 and CVE-2024-7481 privilege escalation vulnerabilities in Windows version of TeamViewer client applications, its potential impact, affected versions, and most importantly - how to fix these vulnerabilites. Stay secure, stay updated, and continue to prioritize the safety of your users and their data. Thanks for reading this post. Please share this post and help secure the digital world.Visit our website thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive updates like this.

You may also like these articles: