SecuriTricks - CVE-2024-6053

Description

Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting.

Product(s) Impacted

Vendor	Product	Versions
Teamviewer	Meeting Teamviewer	* *
Apple	Macos	-
Linux	Linux Kernel	-
Microsoft	Windows	-

Weaknesses

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	teamviewer	meeting	/	/	/	/	/	android	/	/
a	teamviewer	meeting	/	/	/	/	/	macos	/	/
a	teamviewer	meeting	/	/	/	/	/	windows	/	/
a	teamviewer	meeting	/	/	/	/	/	iphone_os	/	/
a	teamviewer	teamviewer	/	/	/	/	/	/	/	/
o	apple	macos	-	/	/	/	/	/	/	/
o	linux	linux_kernel	-	/	/	/	/	/	/	/
o	microsoft	windows	-	/	/	/	/	/	/	/

References

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1007/

CVSS Score

4.3 / 10

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Date

Published: Aug. 28, 2024, 5:15 p.m.
Last Modified: Sept. 19, 2024, 5:22 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@teamviewer.com

CVE-2024-6053