CVE-2019-11769

EPSS 0.09%
Veröffentlicht 11.09.2019 20:15:10
Zuletzt bearbeitet 21.11.2024 04:21:45
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teamviewer ≫ Teamviewer Version14.2.2558

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.27

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://blog.to.com/advisory-teamviewer-cve-2019-11769-2/

Third Party Advisory

https://community.teamviewer.com/t5/Knowledge-Base/tkb-p/Knowledgebase?type=label&labels=Security

Product

https://nvd.nist.gov/vuln/detail/CVE-2019-11769

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11769

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11769

EUVD