CVE-2024-1933 - Vulnerability Details - OpenCVE

Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00076.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-17655	Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.

Fixes

Solution

Update to the latest version of TeamViewer Client for macOS (15.52 or higher).

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/

History

No history.

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2024-03-26T12:47:11.238Z

Updated: 2024-08-05T14:04:34.250Z

Reserved: 2024-02-27T14:10:39.499Z

Link: CVE-2024-1933

Vulnrichment

Updated: 2024-08-01T18:56:22.309Z

NVD

Status : Awaiting Analysis

Published: 2024-03-26T13:15:45.077

Modified: 2024-11-21T08:51:37.853

Link: CVE-2024-1933

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1933", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "state": "PUBLISHED", "assignerShortName": "TV", "dateReserved": "2024-02-27T14:10:39.499Z", "datePublished": "2024-03-26T12:47:11.238Z", "dateUpdated": "2024-08-05T14:04:34.250Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Remote Client", "vendor": "TeamViewer", "versions": [{"lessThan": "15.52", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink."}], "value": "Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "description": "CWE-61 UNIX Symbolic Link (Symlink) Following", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2024-03-26T12:47:11.238Z"}, "references": [{"url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to the latest version of TeamViewer Client for macOS (15.52 or higher)."}], "value": "Update to the latest version of TeamViewer Client for macOS (15.52 or higher)."}], "source": {"discovery": "UNKNOWN"}, "title": "Improper symlink resolution in TeamViewer Remote client for macOS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.309Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T19:35:08.118253Z", "id": "CVE-2024-1933", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T14:04:34.250Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.309Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1933", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-02T19:35:08.118253Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T14:04:20.687Z"}}], "cna": {"title": "Improper symlink resolution in TeamViewer Remote client for macOS", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TeamViewer", "product": "Remote Client", "versions": [{"status": "affected", "version": "0", "lessThan": "15.52", "versionType": "custom"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to the latest version of TeamViewer Client for macOS (15.52 or higher).", "supportingMedia": [{"type": "text/html", "value": "Update to the latest version of TeamViewer Client for macOS (15.52 or higher).", "base64": false}]}], "references": [{"url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.", "supportingMedia": [{"type": "text/html", "value": "Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "CWE-61 UNIX Symbolic Link (Symlink) Following"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2024-03-26T12:47:11.238Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1933", "state": "PUBLISHED", "dateUpdated": "2024-08-05T14:04:34.250Z", "dateReserved": "2024-02-27T14:10:39.499Z", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "datePublished": "2024-03-26T12:47:11.238Z", "assignerShortName": "TV"}, "dataVersion": "5.1"}