Memory Vulnerability in TeamViewer Affects User Password Security
CVE-2018-14333

8.1HIGH

Key Information:

Vendor: Teamviewer
Status: Teamviewer
Vendor: CVE Published:; 17 July 2018

What is CVE-2018-14333?

TeamViewer, up to version 13.1.1548, is susceptible to a memory exposure vulnerability where passwords are stored in Unicode format within the process memory. This occurs between specific byte delimiters, allowing threat actors to potentially access sensitive information from unattended workstations. If an attacker has physical or remote access to a system where TeamViewer is running, they may exploit this vulnerability to extract passwords, thereby compromising account security.

References

https://github.com/vah13/extractTVpasswords

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2018
Vulnerability Reserved
Jul 16, 2018

Teamviewer

What is CVE-2018-14333?

References

CVSS V3.1

Timeline