Highlighted
Posted by Senior Moderator Senior Moderator
Senior Moderator

Statement on Recent Post - CVE-2019-18988

Hi all,

TeamViewer is safe to use. You may have seen a recent blog post and subsequent Social Media discussions regarding the reverse engineering of some locally stored TeamViewer settings. While our security engineers are looking into this issue with all due diligence, we would like to stress that we do not deem it highly critical upon first assessment.

The issue does not affect TeamViewer account passwords needed to log into TeamViewer. Also, in order to take advantage of the issue, someone would need to have already gained access to a user’s system via other means. 

Regardless of our assigned criticality, we certainly take the provided information very seriously as it shows that there is room for improvement, which we are already addressing. We will be reaching out to the researcher to discuss his findings and will update you on our potential mitigation steps shortly.

Again, TeamViewer is safe to use. As always, we encourage our users to always use the latest TeamViewer version and to keep their systems updated. Please do not hesitate to contact our support team with any questions you might have.

Best regards,
Natascha

5 Replies
5 Replies
Highlighted
Posted by
Photon

Re: Statement on Recent Post - CVE-2019-18988

The vulnerability notice was made more than two months ago.

Security team must have taken the warning seriously.
https://whynotsecurity.com/blog/teamviewer/

Highlighted
Posted by
Photon

Re: Statement on Recent Post - CVE-2019-18988

So when you say:


@Natascha wrote:

Hi all,

TeamViewer is safe to use. You may have seen a recent blog post and subsequent Social Media discussions regarding the reverse engineering of some locally stored TeamViewer settings. While our security engineers are looking into this issue with all due diligence, we would like to stress that we do not deem it highly critical upon first assessment.

The issue does not affect TeamViewer account passwords needed to log into TeamViewer. Also, in order to take advantage of the issue, someone would need to have already gained access to a user’s system via other means. 

Regardless of our assigned criticality, we certainly take the provided information very seriously as it shows that there is room for improvement, which we are already addressing. We will be reaching out to the researcher to discuss his findings and will update you on our potential mitigation steps shortly.

Again, TeamViewer is safe to use. As always, we encourage our users to always use the latest TeamViewer version and to keep their systems updated. Please do not hesitate to contact our support team with any questions you might have.

Best regards,
Natascha



This means any domain joined computer with multiple user accounts now has a user able to elevate to local adminsitrator rights?

Do you now see how that can be a problem?

Highlighted
Posted by
Electron

Re: Statement on Recent Post - CVE-2019-18988

Natascha your statements, "we do not deem it highly critical upon first assessment" and " TeamViewer is safe to use" shows a complete lack of taking this matter seriously. While you might not understand the potential impact, those of us with Global Security responsibilities certainly do.

TeamViewer really didn't take this that seriously - did you?

Timeline:

  • November 05th, 2019: Reach out to @TeamViewer_help on Twitter
  • November 05th, 2019: Send email to the Director of Security
  • November 14th, 2019: Request CVE based on precedent set by CVE-2014-1812
  • November 15th, 2019: Receive CVE-2019-18988
  • November 15th, 2019: Send email to Director of Security notifying them there is now a CVE assigned to this
  • November 18th, 2019: Receive first and only email back from vendor “We’re looking into it” email
  • January 13th, 2020: Status update request email sent to Director of Security
  • February 03rd, 2020: Publish writeup

If your position turns out to be inaccurate, will you accept financial responsiblity for our loses?

I thought not.

 

FYI - here is the POC https://github.com/rapid7/metasploit-framework/pull/12900

Highlighted
Posted by
Electron

Is there a newly found vulnerability?

It appears there is a new hack.      This blog report was created Feb, 2, 2020 posted Feb. 3rd (yesterday).     The hacker was using Teamviewer 7 and 14 ( no word on version 15 ).   

Is there a newly found vulnerability?

https://whynotsecurity.com/blog/teamviewer/

 

Highlighted
Posted by Senior Moderator Senior Moderator
Senior Moderator

Re: Statement on Recent Post - CVE-2019-18988

Hello @whitefish @C0ntr07 @QuillOmega0 @JulioRossini 

Thank you all for your feedback. 

We have posted a more in-depth explanation of the findings here.

Josh P.
Senior Moderator

If my reply answered your question, help out other users and click the Accept as a Solution  button below.

You can also say thanks by clicking on the Thumbs Up button!

Thanks for being an active member of our Community!

Japanese Community (日本語コミュニティ) |  Chinese Community (中文社区) |  German Community (Deutschsprachig) | French Community (Communauté française) | English Community | Spanish Community (Comunidad española)