Advisory Teamviewer 14.2.2558 Insufficiently Protected Administrator Credentials (CVE-2019-11769)

Teamviewer 14.2.2558 verarbeitet administrative Zugangsdaten im Updateprozess so, dass ein lokaler Angreifer im gleichen Benutzerkontext diese im Klartext mitlesen kann und dadurch seine Rechte auf dem System ausweiten kann. Dieses Verhalten wurde in Version 14.4.2669 behoben, wir empfehlen daher ein Update auf diese Version.

Detailed security advisory:
Advisory ID: TO-2019-003
Product: Teamviewer
Vendor: Teamviewer
Tested Version: 14.2.2558
Vulnerability Type: Incorrect Access Control
CVSS Risk: 8.2 (High)
CVSSv3: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Solution Status: Fixed
Fixed Version: 14.4.2669
CVE Reference: CVE-2019-11769
CWE Reference: CWE-522
Author of Advisory: Tobias Gyoerfi, Thinking Objects GmbH

========================================================================

Overview:

Teamviewer 14.2.2558 allows local attackers under the same user context
as the running application to intercept user-provided administrative
account credentials during its update process.
These credentials can be consequently reused for privilege escalation.

========================================================================

Vulnerability Details:

Updating Teamviewer as a non-administrative user requires entering
administrative credentials into the application's GUI. 
Subsequently, these credentials are processed in Teamviewer.exe which
allows any application running in the same non-administrative user
context to intercept them in plain text. By using this technique,
a local attacker is able to obtain administrative credentials in order
to elevate privileges.

========================================================================

Proof of Concept (PoC):

An attacker can exploit this vulnerability by injecting code into
Teamviewer.exe which intercepts calls to the affected window and logs
the processed credentials.

========================================================================

Solution:

Upgrade Teamviewer to version 14.4.2669.

========================================================================

Disclosure Timeline:

2019-05-02: Vulnerability discovered
2019-05-06: CVE reserved
2019-05-16: Vulnerability reported to vendor
2019-07-09: Vulnerability confirmed by vendor, product fix released
2019-08-26: Product fix verified
2019-09-10: Vulnerability disclosed

========================================================================

References:

* Product website:
  https://www.teamviewer.com/en/download/windows/
* Security advisory:
  blog.to.com/advisory-teamviewer-cve-2019-11769-2

========================================================================

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on to.com.

========================================================================

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

CAPTCHA *