Executive Summary

This vulnerability is a race condition (time-of-check time-of-use) in the directory validation logic of TeamViewer Full Client and Host for Windows versions prior to 15.69. It allows a local non-administrative user to manipulate symbolic links during directory verification to create arbitrary files with SYSTEM privileges. This means an attacker with local access can escalate privileges and potentially cause a denial-of-service condition. [1]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability can allow a local non-admin user to create files with SYSTEM-level privileges, which can lead to unauthorized modification of system files or denial-of-service conditions. This could disrupt system availability and integrity, potentially affecting the normal operation of the affected Windows system running TeamViewer versions prior to 15.69. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability requires local access and involves symbolic link manipulation during directory verification in TeamViewer versions prior to 15.69 on Windows. Detection would involve checking the installed TeamViewer version to see if it is older than 15.69. You can check the installed version by running commands such as 'wmic product where "name like 'TeamViewer%'" get version' or checking the TeamViewer application properties. Additionally, monitoring for unusual symbolic link creations or file manipulations by non-admin users might help, but no specific detection commands are provided. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to update TeamViewer on Windows systems to version 15.69 or later, where this vulnerability is resolved. Restrict local user permissions to prevent non-administrative users from manipulating symbolic links if updating is not immediately possible. [1]

Useful 0 Not Useful 0