Local Authenticated User Can Delete Arbitrary Files Prior to v24.12 on Windows
CVE-2024-12363

7.1HIGH

Key Information:

Vendor: Teamviewer
Status: Patch & Asset Management
Vendor: CVE Published:; 11 December 2024

Summary

The TeamViewer Patch & Asset Management component prior to version 24.12 on Windows is affected by an insufficient permissions vulnerability that enables local authenticated users to delete arbitrary files. This vulnerability potentially compromises system integrity and poses significant risks to data availability and management within the TeamViewer Remote Management framework. Users are advised to upgrade to the latest version to mitigate this vulnerability and ensure secure operations.

Affected Version(s)

Patch & Asset Management Windows 0 < 24.12

References

https://www.teamviewer.com/en/resources/trust-center/secu...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2024
Vulnerability Reserved
Dec 9, 2024