Statement on CVE 2020-13699
Hi all,
Today we are releasing some updates for TeamViewer 8 through 15, for the Windows platform.
We implemented some improvements in URI handling relating to CVE 2020-13699.
Please see our Change Logs here.
Nota Bene: Thank you, Jeffrey Hofmann with Praetorian, for your professionalism and following a responsible disclosure model. We are grateful that you reached out to us and that you could confirm the fix of your findings in the latest release.
All the best,
Esther
Former Community Manager
Comments
-
and how important is it to deploy updated version that in our company? No infos about CVE 2020-13699 found....
1 -
Hi, my company has enterprise license for TV version 10. Since we are affected by the CVE-2020-13699, do we get to patch our TV?
0 -
Hi @junxian_li
We recommend to update all TeamViewer installation to the latest version. For TeamViewer 10 the patched version number is v10.0.258873.
You find the Change Log here: [Windows] v10.0.258873 - Change Log and the download here: TeamViewer Download for previous versions
Thanks and best,
Esther
Former Community Manager
0 -
Hi Esther,
Thanks, will update it.
Just wondering, why does another version (10.0.223995) appears when I click on Help -> Check for new version ?
update
0 -
Hi Esther,
We are on version 11.x Do we need an update for TV_Hosts and TV-Quick-Support?
Will updated files be available for download in the TeamViewer Management Console?
Those files are last updated on the 13th of July.Thank you.
Marc
0 -
HI @ma7c
All fresh downloads from within the Management Console should get the latest version automatically (=get.teamviewer.com/yourlink...).
The Management Console will offer you the update if you still have older versions in there via a banner that appears in the Design & Deploy tab.
That means, the next time, your customers are starting your customized modues, they should get the new version automatically.
If you deployed your Hosts via MSI, please make a new deployment with the updated Host as the MSI does not include an update feature.
Regular installed Hosts and full versions, having Automatic update enabled within the options, should already have received the update.
@junxian_li I am checking internally with the team and get back to you soonest why the PopUp does not show the correct version number.
Thanks and best,
Esther
Former Community Manager
0 -
Hi Esther,
this public Host-Installer from https://download.teamviewer.com/download/version_11x/TeamViewer_Host_Setup.exe is still an old version from last month (13th July). Will there be an update for re-deployment?
Thank you
Marc0 -
HI @ma7c
When downloading it, it gives me the correct version (Sorry for the screenshot in German):
See: [Windows] v11.0.258870 - Change Log
Can you check again?
Thanks, Esther
Former Community Manager
0 -
Hi @junxian_li
Thanks for your patience.
Would you mind to test the download again and see whether the PopUp now offers the correct version 10?
I am looking forward to your feedback.
Thanks and best, Esther
Former Community Manager
0 -
That's totally correct. I was on the msi TV-Host files, the .exe files are up-to-date.
Thank you, best regards
Marc1 -
@Esther The CVE indicates the vulnerability applies to version 15.8.3 also. When I attempt to update through the TV client it indicates I don't have an update, 15.8.3 is the latest available and the date on that is July 20th.
1 -
Hi @ShaverLake
Oh -where did you read that?
But no worries - TeamViewer 15.8.3 includes the patch for the CVE - see the versions Change Log.
We also released new versions for TeamViewer 8, 9, 10,11, 12, 13, 14.2 and 14.7 to address the topic.
Best, Esther
Former Community Manager
0 -
Does TeamViewer 15.8.3 for Windows update require older versions of TeamViewer to also update due to fix in URI handling? We are receiving error when connecting from TeamViewer 15 to TeamViewer 11 Host which should be backwards compatible.
"The remote TeamViewer is running an old version which is out of date. Therefore you cannot connect to this Version anymore."
0 -
Hi @MJW
The message you got indicates that you have not been signed in with your licensed TeamViewer account when trying to start the connection as connections to older TeamViewer versions require a license.
After logging in to your Computers & Contacts list you should be able to connect again.
Still - we recommend updating all endpoints to the latest version (not necessarily to TeamViewer 15, but within their version). There is an update for TeamViewer 11 available. See its Change Log here: [Windows] v11.0.258870 - Change Log
I hope this info helps you.
Best,
Esther
Former Community Manager
1 -
Could somebody of TeamViewer Team explain/elaborate about:
Does the problem concern the program on the side initiating the connection or also the program on the side hosting/sharing the remote desktop.I need to know whether I should update it also on remote computer stations or only locally in my office on all my local workstation which will connect to our remote clients (my company mainly deals with IT Support for our clients/customers).
Regards,
mLipok , AutoIt MVP0 -
Even on TeamViewer Host ?
Regards,
mLipok , AutoIt MVP0 -
Hi again,
Thanks for the question: yes - all installations ?
Best, Esther
Former Community Manager
0 -
as this is very important things to do I want to refresh one question which was discussed in this following IDEAS/FeatureRequest:
and ....
Ask how I can get the list of remote host where TV program is outdated ?Is it possible with any TeamViewer tools/api ?
Regards,
mLipok , AutoIt MVP0 -
-
Hi and good morning @sirmicho
Yes, also as @Sascha2 confirmed, TeamViewer v12.0.258869 is the latest version of TeamViewer 12 and it includes the patch discussed in this thread for CVE 2020-13699.
See the Change Log here: [Windows] v12.0.258869 - Change Log
Thanks and best,
Esther
Former Community Manager
1 -
I feel very concerned about this article, and I want to know id my version has a vulnerability about the information this article is referring
https://thehackernews.com/2020/08/teamviewer-password-hacking.html
I have 3 licenses v9
0 -
Hi @techmavcr
Thanks for your question.
We released an update to version 9 on July 28th, 2020. Please find the Change Log and the new version number here: [Windows] v9.0.258860 - Change Log
I will go ahead and move your post underneath the Statement on CVE 2020-13699 so that also other people can benefit from your question and my reply.
Thanks and best,
Esther
Former Community Manager
1 -
Do I need to uninstall? reinstall or do anything?
0 -
Does the vulnerability mentioned in CVE 2020-13699 affect QuickSupport, or does it apply only for the full version?
0