teamviewer.com link icon
or
Ask The Community

Statement on Recent Post - CVE-2019-18988

Natascha
Natascha Posts: 1,289 Senior Moderator

Hi all,

TeamViewer is safe to use. You may have seen a recent blog post and subsequent Social Media discussions regarding the reverse engineering of some locally stored TeamViewer settings. While our security engineers are looking into this issue with all due diligence, we would like to stress that we do not deem it highly critical upon first assessment.

The issue does not affect TeamViewer account passwords needed to log into TeamViewer. Also, in order to take advantage of the issue, someone would need to have already gained access to a user’s system via other means. 

Regardless of our assigned criticality, we certainly take the provided information very seriously as it shows that there is room for improvement, which we are already addressing. We will be reaching out to the researcher to discuss his findings and will update you on our potential mitigation steps shortly.

Again, TeamViewer is safe to use. As always, we encourage our users to always use the latest TeamViewer version and to keep their systems updated. Please do not hesitate to contact our support team with any questions you might have.

Best regards,
Natascha

German Community Moderator [on Parental Leave 🙋‍♀️]

Comments

  • The vulnerability notice was made more than two months ago.

    Security team must have taken the warning seriously.
    https://whynotsecurity.com/blog/teamviewer/

  • So when you say:


    @Natascha wrote:

    Hi all,

    TeamViewer is safe to use. You may have seen a recent blog post and subsequent Social Media discussions regarding the reverse engineering of some locally stored TeamViewer settings. While our security engineers are looking into this issue with all due diligence, we would like to stress that we do not deem it highly critical upon first assessment.

    The issue does not affect TeamViewer account passwords needed to log into TeamViewer. Also, in order to take advantage of the issue, someone would need to have already gained access to a user’s system via other means. 

    Regardless of our assigned criticality, we certainly take the provided information very seriously as it shows that there is room for improvement, which we are already addressing. We will be reaching out to the researcher to discuss his findings and will update you on our potential mitigation steps shortly.

    Again, TeamViewer is safe to use. As always, we encourage our users to always use the latest TeamViewer version and to keep their systems updated. Please do not hesitate to contact our support team with any questions you might have.

    Best regards,
    Natascha



    This means any domain joined computer with multiple user accounts now has a user able to elevate to local adminsitrator rights?

    Do you now see how that can be a problem?

  • Natascha your statements, "we do not deem it highly critical upon first assessment" and " TeamViewer is safe to use" shows a complete lack of taking this matter seriously. While you might not understand the potential impact, those of us with Global Security responsibilities certainly do.

    TeamViewer really didn't take this that seriously - did you?

    Timeline:

    • November 05th, 2019: Reach out to @TeamViewer_help on Twitter
    • November 05th, 2019: Send email to the Director of Security
    • November 14th, 2019: Request CVE based on precedent set by CVE-2014-1812
    • November 15th, 2019: Receive CVE-2019-18988
    • November 15th, 2019: Send email to Director of Security notifying them there is now a CVE assigned to this
    • November 18th, 2019: Receive first and only email back from vendor “We’re looking into it” email
    • January 13th, 2020: Status update request email sent to Director of Security
    • February 03rd, 2020: Publish writeup

    If your position turns out to be inaccurate, will you accept financial responsiblity for our loses?

    I thought not.

     

    FYI - here is the POC https://github.com/rapid7/metasploit-framework/pull/12900

  • It appears there is a new hack.      This blog report was created Feb, 2, 2020 posted Feb. 3rd (yesterday).     The hacker was using Teamviewer 7 and 14 ( no word on version 15 ).   

    Is there a newly found vulnerability?

    https://whynotsecurity.com/blog/teamviewer/

     

  • JoshP
    JoshP Posts: 517 Senior Moderator

    Hello @whitefish @C0ntr07 @QuillOmega0 @JulioRossini 

    Thank you all for your feedback. 

    We have posted a more in-depth explanation of the findings here.

    Josh P.
    Senior Community Moderator

    Did my response answer your question? Help out others and select it as the Accepted Answer

Sign In or Register to comment.