cvelist | TV | CVELIST:CVE-2022-23242
History: Mar 22, 2022 - 12:00 a.m.

CVE-2022-23242 TeamViewer Linux - Deletion command not properly executed after process crash

2022-03-22 00:00:00
TV
www.cve.org

CVSS3: 6.3

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.7
Confidence: High

EPSS: 0
Percentile: 5.1%

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID, together with either possession of the pre-crash connection password or local authenticated access to the machine, would have allowed an attacker to establish a remote connection by reusing the connection password that was not properly deleted.

CNA Affected

[
  {
    "platforms": [
      "Linux"
    ],
    "product": "TeamViewer for Linux",
    "vendor": "TeamViewer",
    "versions": [
      {
        "lessThanOrEqual": "15.27",
        "status": "affected",
        "version": "15.27",
        "versionType": "custom"
      }
    ]
  }
]
