CVE-2020-13699 Information

Description

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters as demonstrated by a teamviewer10: –play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10 teamviewer8 teamviewerapi tvchat1 tvcontrol1 tvfiletransfer1 tvjoinv8 tvpresent1 tvsendfile1 tvsqcustomer1 tvsqsupport1 tvvideocall1 and tvvpn1. The issue is fixed in 8.0.258861 9.0.258860 10.0.258873 11.0.258870 12.0.258869 13.2.36220 14.2.56676 14.7.48350 and 15.8.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 https://jeffs.sh/CVEs/CVE-2020-13699.txt

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8