TeamViewer has addressed two critical vulnerabilities impacting its Remote Client and Remote Host products for Windows.
The vulnerabilities tracked as CVE-2024-7479 and CVE-2024-7481 both with a CVSS score of 8.8, stems from improper verification of cryptographic signatures during the installation of specific drivers. Specifically, these flaws affect the installation of VPN drivers and printer drivers via the TeamViewer_service.exe component of TeamViewer Remote Clients.
- CVE-2024-7479: Involves the improper verification of the cryptographic signature during the installation of a VPN driver.
- CVE-2024-7481: Involves the improper verification of the cryptographic signature during the installation of a printer driver.
These vulnerabilities enable attackers with local unprivileged access to escalate their privileges and install malicious drivers on the affected system. To exploit these vulnerabilities, attackers must have local access to the Windows system. While remote exploitation is not possible, once an attacker has local access, the potential risk is on the higher side
The vulnerabilities affect multiple versions of TeamViewer products for Windows. TeamViewer has provided a patch to address these vulnerabilities. Users and administrators are strongly encouraged to upgrade to version 15.58.4 or later to mitigate the risks associated with these vulnerabilities.
The latest version of the software is available for download via this link.
