Detections
Analytics

TeamViewer Bypass Brute-force Authentication

critical Nessus Plugin ID 135707

Language:

Synopsis

The remote Windows host contains a program that is affected by an security authentication vulnerability.

Description

TeamViewer versions 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the 'Cancel' causing which makes it easier to determine the correct value of the default 4-digit PIN.

Solution

Upgrade for Teamviewer 10, upgrade to 10.0.134865 or later. For Teamviewer 11, upgrade to 11.0.133222 or later.
For Teamviewer 12, upgrade to 12.0.181268 or later. For Teamviewer 13, upgrade to 13.2.36215. For Teamviewer 14, upgrade to 14.2.8352. Alternatively, apply the workarounds outlined in the vendor advisory.

See Also

http://www.nessus.org/u?7b46a507

Plugin Details

Severity: Critical

ID: 135707

File Name: teamviewer_13_2_9356.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 4/17/2020

Updated: 4/23/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-16550

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:teamviewer:teamviewer

Required KB Items: SMB/TeamViewer/Installed, installed_sw/TeamViewer/

Exploit Ease: No known exploits are available

Patch Publication Date: 4/25/2019

Vulnerability Publication Date: 9/5/2018

Reference Information

CVE: CVE-2018-16550