Local Authenticated User Can Delete Arbitrary Files Prior to v24.12 on Windows

CVE-2024-12363

7.1HIGH

Key Information

Vendor: Teamviewer
Status: Patch & Asset Management
Vendor: CVE Published:; 11 December 2024

Summary

Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management.

Affected Version(s)

Patch & Asset Management < 24.12

Refferences

https://www.teamviewer.com/en/resources/trust-center/secu...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 11, 2024
Vulnerability Reserved.
Dec 9, 2024

Collectors

NVD DatabaseMitre Database