Lucene search

TVCVELIST:CVE-2024-1933

HistoryMar 26, 2024 - 12:47 p.m.

CVE-2024-1933 Improper symlink resolution in TeamViewer Remote client for macOS

2024-03-2612:47:11

CWE-61

www.cve.org

cve-2024-1933

improper symlink resolution

insecure unix symbolic link

teamviewer

remote client

macos

privilege escalation

denial-of-service

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "Remote Client",
    "vendor": "TeamViewer",
    "versions": [
      {
        "lessThan": "15.52",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-1933