6.9
CVE-2019-18196
- EPSS 0.04%
- Published 24.10.2019 16:15:20
- Last modified 21.11.2024 04:32:48
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default.
Data is provided by the National Vulnerability Database (NVD)
Teamviewer ≫ Teamviewer Version < 11.0.214397
Teamviewer ≫ Teamviewer Version >= 12.0.0 < 12.0.214399
Teamviewer ≫ Teamviewer Version >= 13.0.0 < 13.2.36216
Teamviewer ≫ Teamviewer Version >= 14.0.0 < 14.7.1965
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.087 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.