Information Disclosure Vulnerability in TeamViewer Software by TeamViewer GmbH
CVE-2021-35005

3.3LOW

Key Information:

Vendor: Teamviewer
Status: Teamviewer
Vendor: CVE Published:; 24 January 2022

What is CVE-2021-35005?

This vulnerability allows local attackers to disclose sensitive information on systems running affected versions of TeamViewer. To exploit this vulnerability, an attacker must first execute low-privileged code on the target system. The flaw exists in the TeamViewer service due to improper validation of user-supplied data, enabling a read past the end of an allocated array. Attackers can potentially utilize this vulnerability alongside others to execute arbitrary code at the SYSTEM level, posing a significant risk to system integrity and confidentiality.

Affected Version(s)

TeamViewer 15.18.5.0

References

https://www.zerodayinitiative.com/advisories/ZDI-22-082/

x_refsource_MISC

https://community.teamviewer.com/English/discussion/11779...

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2022
Vulnerability Reserved
Jun 17, 2021

Credit

@Kharosx0