Teamviewer
Update Teamviewer to version 15.60.3

What patches are you missing?



CVE Vulnerabilities for Teamviewer

CVEPublishedSeverityDetailsExploitability Impact Vector
CVE‑2024‑60532024‑08‑28 17:15:11MEDIUM (4)Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting.31NETWORK
CVE‑2022‑232422022‑03‑23 16:15:08MEDIUM (4)TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.14LOCAL
CVE‑2021‑350052022‑01‑24 18:15:08LOW (3)This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818.21LOCAL
CVE‑2021‑348592021‑10‑25 17:15:08HIGH (9)This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.36NETWORK
CVE‑2021‑348582022‑01‑13 22:15:09HIGH (8)This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13606.26LOCAL
CVE‑2021‑348032021‑06‑16 15:15:09HIGH (8)TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.26LOCAL
CVE‑2020‑136992020‑07‑29 16:15:12HIGH (9)TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.36NETWORK
CVE‑2019‑193622019‑12‑02 03:15:11MEDIUM (7)An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.34NETWORK
CVE‑2019‑189882020‑02‑07 16:15:10HIGH (7)TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.16LOCAL
CVE‑2019‑182512019‑11‑26 00:15:12HIGH (9)In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.36NETWORK
CVE‑2019‑181962019‑10‑24 16:15:20MEDIUM (7)A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default.16LOCAL
CVE‑2019‑117692019‑09‑11 20:15:10HIGH (8)An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials.26LOCAL
CVE‑2018‑165502018‑09‑05 22:29:00MEDIUM (5)TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.00NETWORK
CVE‑2018‑143332018‑07‑17 02:29:00MEDIUM (4)TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running.00NETWORK
CVE‑2010‑31282010‑08‑26 18:36:36HIGH (9)Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.00NETWORK

Get the IT stuff done that nobody wants to do.

Patch more applications, achieve compliance, and prevent problems while reducing stress with Lavawall®.

Security First

A security tool by security auditors. From Passkeys and Argon2i to source validation and MVSP principles, Lavawall® has you covered.

Constant Improvement

More features and more security added nearly every day.

More patchable programs added every week

While Ninite and other patching tools have had the same patch offerings for decades, we're monitoring stats to keep adding the most useful programs (currently over 7,463)!

Details matter

From wrapping TLS communications in extra encryption and uninstalling remote support tools when they aren't used to detailed statistical analysis of system and network performance, Lavawall® goes in-depth.

Chromium extensions and Notification Validation

Lavawall® goes beyond patches and breach detection. We also monitor for risky Chromium extensions and allowed notifications that might be part of a phishing or ransomware attack.

Extended Cloud Security

Extend the security features of Cloudflare, Microsoft, Google, Sophos, and other cloud providers to create a Lavawall® of protection

Secure Remote Management

Even if you used breached remote management tools like ScreenConnect through Lavawall® when it was vulnerable, your computers stayed safe because we only install the agent when it needs to be used.

Integrations and automation

Easily deploy, monitor, and analyze security tools like Huntress, AutoElevate, and Sophos. Magically gain details from ZenDesk, ConnectWise, Datto, Panorama9, Microsoft, and Google.

Human and automated support

Get immediate fixes, user notifications, admin notifications -- and even security-certified human level 3 support when our advanced statistical analysis confirms a problem or anomaly.

We are constantly improving the Lavawall® tools to add more value. Some of our most recent changes include:
2024‑12‑020.12.19.206test commit
2024‑11‑220.12.18.205
2024‑10‑300.12.8.195Mac update refinements
2024‑10‑250.12.3.190
2024‑10‑210.12.0.187Macos implementaiton, linux and windows improvements
2024‑10‑160.11.128.186Linux stats and system information improvements, improvements for application shutdown
2024‑09‑120.11.113.171CPU Optimizations and Packages reliability improvements
2024‑09‑050.11.106.164Phased deployment enhancements
2024‑09‑040.11.103.161
2024‑09‑020.11.102.160CPU Optimizations and Packages reliability improvements
2024‑08‑300.11.99.157CPU Optimizations and Packages reliability improvements
2024‑08‑290.11.98.156CPU utilization and console event optimization
2024‑08‑280.11.97.155Reliability to detect unusual updates like redistributables.
2024‑08‑270.11.96.154
2024‑08‑260.11.95.153Faster response for reboot requests
2024‑08‑200.11.92.150Additional package upgrade pre-requisites
2024‑08‑150.11.89.147
2024‑08‑060.11.87.145
2024‑07‑260.11.83.141Add resiliency for MAC duplicates and uptime
2024‑07‑250.11.82.140Changes to facilitate cross-platform use. Bitlocker and Windows key refinements
2024‑07‑150.11.80.138Antivirus and temperature added to configuration checks
2024‑07‑150.11.79.137Add configuration checks for execution policy and secure boot
2024‑07‑110.11.77.135load balancing refinements
2024‑07‑100.11.76.134Add additional load balancing and data residency capabilities, add randomness to recurring task timings to decrease server load
2024‑07‑050.11.74.132changes to graph and residual work on user imporsonation
2024‑07‑040.11.73.131Add configuration checks for execution policy and secure boot.
2024‑07‑030.11.72.130Enhanced event log monitoring
2024‑07‑020.11.71.129Add details to Windows updates, enhanced risk metrics for application patches
2024‑06‑190.11.65.123Update resiliancy and garbage collection
2024‑06‑130.11.60.118Enhanced logging
2024‑06‑120.11.55.113Include the primary drive serial number; MAC addresses for built-in wireless, Bluetooth, and ethernet into the device hash to restore uninstalled and reinstalled devices in cases where the motherboard serial is not unique
2024‑06‑070.11.54.112Patch and package uninstall data addition
2024‑06‑050.11.47.105refine per-user registry application listing
2024‑06‑020.11.45.103uninstall and reinstall refinements, refine local logging, refine self-update and uninstall timing
2024‑05‑300.11.21.79various bug fixes and improvements
2024‑05‑280.11.16.74Error logging, registration, and uninstall improvements.
2024‑05‑240.11.14.72applied changes for devices and login commands, changes for registration as well
2024‑05‑220.11.13.71Add Windows computer model, improve Operating System parsing
2024‑05‑210.11.11.69Added additional states for Windows update, flexibility for non-standard program file configurations, support for network diagrams at the switch level, details for Windows editions
2024‑05‑210.11.10.68Add specific cases for Defender patterns and Composer versions.
2024‑05‑170.11.3.61Change Log storage location to c:\program files\Lavawall
2024‑05‑170.11.1.59self-update improvements.
2024‑05‑160.8.0.55 error log reporting and management.
2024‑05‑150.7.0.54Websocket resiliency improvements
2024‑05‑090.6.0.53 Error log reporting and management.
2024‑05‑010.5.44.52Even more improvements to scheduler
2024‑04‑240.5.41.49Install compatibility with Sandbox
2024‑04‑220.5.21.29Project property changes to enable automated compilation with new features.
2024‑04‑200.5.20.28Add motherboard serial number and company reassignment
2024‑04‑110.5.4.12Automate release notes as part of build process

Although the Linux agent code base is mature, dating back to 2006, we're still constantly improving it to add value and compatibility for new distributions. Some of our most recent changes include:
NOTE: changes after June 2024 are incorportated into the Windows Changelog as the codebases for Windows, Linux, and Mac were combined
2024‑05‑20253Added cleanup of old .json files during a re-install
2024‑05‑13252Added apt-get update to install
2024‑05‑06248Allow restart to use /var/run/reboot-required if needrestart is not installed
2024‑04‑22239Improve internal update and version tracking
2024‑04‑15235Add support for Yum packages
2024‑04‑08233Align patching with Windows patch reporting
2024‑04‑02228Add support for needrestart
2024‑03‑04224Schedule restarts
2024‑03‑25221Add support for apt packages
2024‑03‑18212Implement release management
2024‑03‑11202Add user login monitoring
2024‑03‑04189Enhance installation reliability
2024‑02‑26187Exapand triggers to identify if the instance needs to be restarted
2024‑02‑19146Improve compatibility for non-AWS instances
2024‑02‑14138Add self-uninstall capabilities
2024‑02‑12135Enhance scheduling flexibility
2024‑02‑07132Add kernel version tracking
2024‑02‑05124Add device hash to cryptographic self-update script validation
2024‑01‑29107Enhance encryption of patch data
2024‑01‑2298Improve how available storage is calculated
2024‑01‑1597Move initial tasks from installation file to sub scripts
2024‑05‑2191Improve multi-distribution compatibility
2024‑05‑2179Improve encryption reliability
2023‑12‑1168Enhance cryptographic validation of new scripts before updating
2023‑11‑2062Add inner layer of AES encryption in case TLS inspection doesn't allow for a secure connection
2023‑11‑2756Additional base cases for resiliancy
2023‑11‑2054Additional headers added to authentication process during installation.
2023‑11‑2053Enhanced key management
2023‑11‑1551Add insecure installation parameter to allow installation in environments with TLS inspection or other machine-in-the-middle situations.
2023‑11‑0642Enhance redundant encryption during installation.
2023‑10‑3033Improve install-over compatibility
2023‑10‑2318Add reboot configuration and scheduling
2023‑10‑2317Add self-updating functionality.
2023‑10‑1615Add Linux patching information for apt
2023‑10‑0914Collect system information
2023‑10‑0913Add Linux distribution information
2023‑09‑3012Add memory monitoring
2023‑09‑3010Add hardware information
2023‑09‑239Add AWS information
2023‑09‑238Add customized schedule capability for configuration updates
2023‑09‑237Add support for package monitoring using package and dpkg logs
2023‑09‑166Add storage data configuration gathering
2023‑09‑165Add CPU information

Lavawall®'s data gathering approach started with Government and Fortune 50 information security audits. When our founder transitioned from audit and assurance work to a Managed IT Service Provider (MSP), he was shocked that basics like Multi-Factor Authentication were painful to implement in some RMMs like ConnectWise and it was impossible to turn off remote access services in others like Datto RMM and SuperOps.

Lavawall® was built from the ground up with these concerns and the Minimum Viable Secure Product requirements in mind.

Some of the controls we implemented include:
  • PassKeys as the preferred primary authentication at no additional cost
  • Single Sign-on using modern, maintained, and industry-standard protocols for all customers at no additional cost
  • Multi-Factor Authentication as a non-negotiable default
  • Encrypting communications the same way as TLS again within the TLS tunnel, so we can allow TLS inspection without breaking like Huntress or disclosing security vulnerabilities to eavesdroppers.
  • Encouraging external vulnerability reports and customer testing
  • Passwords checked against popular disclosed passwords, hashed before they leave your computer, and then stored using Argon2id
  • Not requiring the use of passwords at all. We consider them a temporary backup authentication in case you can't use passkeys or SSO.

Lavawall® scanning computers are on dedicated servers in Calgary, Alberta, Canada.
Lavawall® databases and front-end systems are hosted with AWS in Montréal, Québec, Canada.
We send emails through AWS in Ireland and dedicated servers in Calgary, Alberta, Canada.
We send text messages for additional identity verification through Twilio in the United States.
We store executables and pass requests through Cloudflare at your nearest edge location.
We use Cloudflare for risk management, turnstile, and web application firewall services.
We use LeadPages for landing pages.
We use Google and Facebook for analytics on our public-facing pages, but they do not have access to the console.
We integrate with third-party tools, such as Microsoft, Google, Huntress, Screen Connect, Axcient, and Datto in their respective locations. However, you must initiate these integrations through single sign-on or by enabling them in your Lavawall® console.

Active security by design

Lavawall® is under active development with the latest release including:

7,463+

Monitored Applications

23+

System Metrics

Actively manage your IT with Lavawall®

Patching

Updates Beyond Windows

Lavawall® prevents the 80% of breaches and failed audits due to missing patches and updates.
You can reduce application patching delays from 67 days to nearly immediate with the 350+ applications that Lavawall® monitors and patches.

Patch release monitoring
Monitor everything without having to select packages or “managed applications”
Patch impact classification
Standard and optional Windows patches
Lavawall patch grid
Art
Box
Cal