CVE-2023-0837: TV-2023-1001

1. Summary

A vulnerability has been found in the TeamViewer Remote client between version 15.41 and 15.42.7 that allows an unprivileged user to make unwanted changes to the basic local device settings. This only affects users who configured options to be locked. The bug has been fixed with version 15.42.8. We recommend users relying on this feature to update the TeamViewer Remote client as soon as possible

2. Vulnerability Details

CVE-ID

CVE-2023-0837

————————–

——————————————————————————————————————

Description

In TeamViewer Remote between version 15.41 and 15.42.7 the basic device settings can be accessed by users even if these have been locked by the administrator. An unprivileged user with access to the device can change the basic settings, which can result in unwanted changes to the configuration. This does not apply to advanced settings, which have always been properly protected if options were locked.

————————–

——————————————————————————————————————

CVSS3.0 Score

Base Score 6.6 (medium)

————————–

——————————————————————————————————————

CVSS3.0 Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

————————–

——————————————————————————————————————

Problem type

CWE-285: Improper Authorization

3. Affected products & versions

Product

Versions

Info

————————–

————————————–

————————————————————————–

TeamViewer Remote Client

15.41 – 15.42.7

Update available

————————–

————————————–

————————————————————————–

4. Solutions & mitigations

Update to the latest version (15.42.8 or higher)

5. Additional Resources

Protect TeamViewer options:

https://community.teamviewer.com/English/kb/articles/109271-protect-teamviewer-options

Download resources:

https://www.teamviewer.com/en/download/

6. Acknowledgments

We thank Paul Curran (iFacility) very much for his contribution and responsible behavior.

Affected Products

• TeamViewer Remote for Windows
• TeamViewer Remote for macOS