CVE-2020-13699

CVSS Severity Score: 8.8 (HIGH)
EPSS Score: 0.1450%
EPSS Percentile: 25.84th
Published: July 29, 2020
Last Modified: November 21, 2024

Vulnerability Description

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

Affected Platforms (CPE)

Teamviewer / Teamviewer: < 15.8.3
