CVE-2022-50931
Insecure File Permissions in TeamSpeak 3.5.6 Enables Privilege Escalation
Publication date: 2026-01-13
Last updated on: 2026-02-02
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teamspeak | teamspeak | 3.5.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50931 is a vulnerability in TeamSpeak version 3.5.6 caused by insecure file permissions. It allows local attackers to replace critical executable files, such as ts3client_win32.exe, with malicious binaries. Because these executables have overly permissive access rights, an attacker with local access can substitute them, potentially leading to privilege escalation to SYSTEM or Administrator-level access. [2, 4]
How can this vulnerability impact me?
This vulnerability can have a severe impact by allowing a local attacker to escalate their privileges to SYSTEM or Administrator level on the affected machine. By replacing legitimate TeamSpeak executables with malicious ones, the attacker can gain full control over the system, compromising confidentiality, integrity, and availability of the system and data. [2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the file permissions of critical TeamSpeak executable files such as ts3client_win32.exe, update.exe, package_inst.exe, QtWebEngineProcess.exe, and createfileassoc.exe. On Windows systems, you can use the icacls command to inspect the permissions of these files. For example, running `icacls ts3client_win32.exe` will show if the file has overly permissive access rights that allow modification by unauthorized users, indicating the presence of the vulnerability. [4]
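The permission check described above can be scripted across all five executables. The following PowerShell audit is an added example, not code from the advisory or from TeamSpeak; the default install directory and the list of trusted principals are assumptions to adjust for your environment.

```powershell
param(
    # Assumption: default install directory; pass the real one if it differs.
    [string]$InstallDir = "$env:ProgramFiles\TeamSpeak 3 Client"
)

# Executables named in the answer above.
$targets = 'ts3client_win32.exe', 'update.exe', 'package_inst.exe',
           'QtWebEngineProcess.exe', 'createfileassoc.exe'

# Assumption: principals that may legitimately hold write access (well-known SIDs,
# compared by SID so the check does not depend on the OS display language).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing the file or rewriting its ACL, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits, which Get-Acl
# can return unmapped.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$mask = [int]$writeRights -bor 0x50000000

$findings = foreach ($name in $targets) {
    $path = Join-Path $InstallDir $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

    $acl   = Get-Acl -LiteralPath $path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }

        # Resolve the SID to a readable account name; keep the SID if it cannot be resolved.
        $account = try {
            $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $rule.IdentityReference.Value }

        [pscustomobject]@{
            File      = $name
            Principal = $account
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No write access for non-administrative principals found.' }
```

Each row reported is an allow entry that lets a principal outside the trusted list modify or replace one of the executables; an `Inherited` value of `True` means the permission comes from a parent folder and has to be corrected there.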
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting the file permissions of the affected TeamSpeak executables to prevent unauthorized modification. This involves removing overly permissive access rights and ensuring that only SYSTEM and trusted administrator accounts have write permissions. Additionally, updating to a patched version of TeamSpeak, if available, or applying vendor-recommended fixes is advised to fully resolve the issue. [4, 2]