TeamViewer Permissions Vulnerability (Windows)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a program that is affected by a
permissions vulnerability.

Description :

According to its version number, the TeamViewer install on the remote
Windows host is a version prior to 11.0.89975, 12.0.89970, or 13.0.5640.
It is, therefore, affected by a permissions vulnerability that can result
in unauthorized remote control.

During an authenticated connection it may be possible for an attacker to
control the mouse without regard for the server's current control setting.
This can be exploited from both the viewer and presenter roles, enabling the
viewer to control the presenter's mouse or enabling the 'switch sides' feature
without requiring the client to agree.

See also :

http://www.nessus.org/u?049e3175
https://threatpost.com/teamviewer-rushes-fix-for-permissions-bug/129096/
https://github.com/gellin/TeamViewer_Permissions_Hook_V1

Solution :

Upgrade to TeamViewer 11.0.89975 / 12.0.89970 / 13.0.5640 or later.
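
A branch-aware check of inventoried TeamViewer versions against the fixed builds listed above, as an added example (not Tenable's plugin code). The function names, host names and sample builds are constructed assumptions; branches other than 11, 12 and 13 are reported as unknown because this page gives no fixed build for them.

```python
import re

# Fixed builds per major branch, taken from the advisory text above.
FIXED = {11: (11, 0, 89975), 12: (12, 0, 89970), 13: (13, 0, 5640)}
_VERSION_RE = re.compile(r"\d+(\.\d+){1,3}")


def parse_version(text):
    """Turn '12.0.83369' into (12, 0, 83369); reject malformed input."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    # Pad to three components so '13.0' compares as (13, 0, 0).
    return parts + (0,) * max(0, 3 - len(parts))


def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one installed version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # No fixed build is listed on this page for this branch.
        return "unknown"
    # Integer tuples compare numerically: 12.0.9 sorts below 12.0.89970,
    # which a plain string comparison would get wrong.
    return "vulnerable" if version < fixed else "fixed"


def audit(inventory):
    """Map each host to its status; inventory is {host: version string}."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = {
    "ws-01": "11.0.66595", "ws-02": "12.0.89970",
    "ws-03": "13.0.5058", "ws-04": "10.0.47484",
    "ws-05": "13.0.5640.0", "ws-06": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as unknown need a manual look rather than being treated as safe.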

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 105074

Bugtraq ID:

CVE ID:
