CVE-2022-23242 is a vulnerability in TeamViewer
Published on March 23, 2022
TeamViewer Linux - Deletion command not properly executed after process crash
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.
Vulnerability Analysis
CVE-2022-23242 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Products Associated with CVE-2022-23242
Want to know whenever a new CVE is published for TeamViewer? stack.watch will email you.
Affected Versions
TeamViewer for Linux:- Version 15.27, <= 15.27 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.