Version 9 version handling
Hi,
Ref the CVE-2020-13699 vulnerability.
You have released a version of v9 to resolve said vulnerability. We are running Qualys to detect vulnerabilities, and it appears that it is detecting a potential false positive.
When checking for said vulnerability, it will go into the Teamviewer.exe file and look at the version. The latest version appears to show as 9.0.62252.0, but it expects to find a higher version (9.0.258860.0). I've looked at other files and version information, and I indeed find references to 9.0.258860.0, but not in the "File version" attribute on teamviewer.exe.
Is this attribute erroneously not updated with this latest version of Teamviewer 9?
Where can we tell Qualys to look to validate that this newer version is installed?
Thanks.
Best regards,
Morten Mikkelborg
Comments
-
We face the same issue. Where can we download the latest TeamViewer 9?
As Qualys said, the latest version should be 9.0.93332.
0 -
Hello @Manitowoc,
Hello @MortenMi,
Thank you for your messages and welcome to the TeamViewer Community!
We recently released a security update for versions 8 to 15 for the Windows platform.
This would explain why Qualys still identifies version 9.0.93332 to be the latest. We can confirm that the latest version is 9.3.62252.0 and is safe to use.
Please find our official statement here: Statement on CVE 2020-13699
I hope this could help.
If not, do not hesitate to ask your questions here.
Best regards
Jean
Community Manager
0 -
Hello,
I'm afraid this doesn't resolve my problem.
Qualys knows that version 9.0.62252 has the vulnerability in question. When we update Teamviewer to version 9.3.62252, Qualys still identifies the Teamviewer install to be version 9.0.62252, because the Teamviewer.exe file in that update still has the File Version flag 9.0.62252. The File Version flag is not updated with the patched version of Teamviewer.
Since File Version is not updated (I'm assuming this might be an oversight from Teamviewer's end, not updating this metadata), what part of Teamviewer 9 shows the accurate installed version which we can tell Qualys to look at?
Thanks.
0
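
An added illustration, not part of any post in this thread and not TeamViewer or Qualys code: the fixed version fields of a Windows executable (VS_FIXEDFILEINFO) hold four 16-bit numbers, so a build number such as 258860 cannot be stored in them unchanged. The sketch assumes an oversized part is truncated to its low 16 bits (the thread does not confirm how TeamViewer.exe is built) and checks the version numbers quoted above against that model; `parse`, `pack_fixed`, `unpack_fixed` and `diagnose` are names invented here.

```python
"""Added example (not TeamViewer or Qualys code): 16-bit limits of the PE file version."""
import struct

FIELD_MAX = 0xFFFF  # each of the four parts in VS_FIXEDFILEINFO is a 16-bit word


def parse(version):
    """'9.0.62252.0' -> (9, 0, 62252, 0); short versions are padded with zeros."""
    parts = [int(p) for p in version.split(".")]
    if len(parts) > 4 or any(p < 0 for p in parts):
        raise ValueError(f"not a 4-part version: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def pack_fixed(version):
    """Bytes of dwFileVersionMS + dwFileVersionLS for a version.

    Assumption: a part that does not fit is truncated to its low 16 bits.
    """
    major, minor, build, rev = (p & FIELD_MAX for p in parse(version))
    return struct.pack("<II", (major << 16) | minor, (build << 16) | rev)


def unpack_fixed(blob):
    """Read the version back the way a tool reading the fixed fields would."""
    ms, ls = struct.unpack("<II", blob)
    return f"{ms >> 16}.{ms & FIELD_MAX}.{ls >> 16}.{ls & FIELD_MAX}"


def diagnose(expected, observed):
    """Relate the version a scanner expects to the one it read from the file."""
    oversized = [p for p in parse(expected) if p > FIELD_MAX]
    stored = unpack_fixed(pack_fixed(expected))
    return {
        "representable": not oversized,          # can the fixed fields hold it?
        "stored_if_truncated": stored,           # what the file would report
        "observed_is_truncation": bool(oversized)
        and stored == unpack_fixed(pack_fixed(observed)),
        "carry": [p >> 16 for p in oversized],   # bits lost above the 16-bit word
    }


if __name__ == "__main__":
    # Values quoted in the thread: what Qualys expects vs. the File version it reads.
    print(diagnose("9.0.258860.0", "9.0.62252.0"))
```

Under this model 9.0.258860.0 is stored as 9.0.62252.0 with a carry of 3, which is the File version the scanner reads. A check that compares only the fixed file version cannot tell the two builds apart, so it needs a second source of version evidence on the host.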