CVE-2023-0837

An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:teamviewer:remote:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

22 Jun 2023, 19:37

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:teamviewer:remote::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Teamviewer remote Apple Apple macos Microsoft windows Teamviewer Microsoft
CWE		NVD-CWE-Other
References	~~(MISC) https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/ -~~	(MISC) https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/ - Vendor Advisory

14 Jun 2023, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-06-14 08:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-0837

Mitre link : CVE-2023-0837

CVE.ORG link : CVE-2023-0837

JSON object : View

Products Affected

teamviewer

remote

microsoft

windows

apple

macos

CWE

NVD-CWE-Other CWE-285

Improper Authorization

{"id": "CVE-2023-0837", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@teamviewer.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.3}]}, "published": "2023-06-14T08:15:08.703", "references": [{"url": "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/", "tags": ["Vendor Advisory"], "source": "psirt@teamviewer.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "psirt@teamviewer.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration."}, {"lang": "es", "value": "Una comprobaci\u00f3n de autorizaci\u00f3n incorrecta de la configuraci\u00f3n del dispositivo local en TeamViewer Remote entre las versiones 15.41 y 15.42.7 para Windows y macOS permite a un usuario sin privilegios cambiar la configuraci\u00f3n b\u00e1sica del dispositivo local aunque las opciones estuvieran bloqueadas. Esto puede dar lugar a cambios no deseados en la configuraci\u00f3n. "}], "lastModified": "2023-06-22T19:37:11.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teamviewer:remote:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EF5ED51-6BF4-42CC-847E-9164BBF86F60", "versionEndExcluding": "15.42.8", "versionStartIncluding": "15.41"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@teamviewer.com"}