Описание
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
6.3 Medium
CVSS3
4.2 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
Связанные уязвимости
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.
Уязвимость программного обеспечения для удалённого управления компьютером TeamViewer, связанная с ошибками освобождения ресурсов, позволяющая нарушителю повысить свои привилегии
EPSS
6.3 Medium
CVSS3
4.2 Medium
CVSS3
1.9 Low
CVSS2