TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.
References
Link | Resource |
---|---|
https://www.teamviewer.com/en/trust-center/security-bulletins/TV-2022-1001/ | Patch Vendor Advisory |
Configurations
History
29 Mar 2022, 01:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 1.9
v3 : 4.2 |
CPE | cpe:2.3:a:teamviewer:teamviewer:*:*:*:*:*:linux:*:* | |
First Time |
Teamviewer
Teamviewer teamviewer |
|
CWE | CWE-404 | |
References | (MISC) https://www.teamviewer.com/en/trust-center/security-bulletins/TV-2022-1001/ - Patch, Vendor Advisory |
23 Mar 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-23 16:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-23242
Mitre link : CVE-2022-23242
CVE.ORG link : CVE-2022-23242
JSON object : View
Products Affected
teamviewer
- teamviewer
CWE
CWE-404
Improper Resource Shutdown or Release