Vulnerability Details: CVE-2024-2451

Summary
Assigner: TV
Assigner Org ID: 13430f76-86eb-43b2-a71c-82c956ef31b6
Published At: 28 May, 2024 | 14:27
Updated At: 01 Aug, 2024 | 19:11

Improper fingerprint validation in the TeamViewer Client

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior to version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)
Affected Products

Vendor: TeamViewer
Product: Remote (Full Client)
Platforms: Windows
Default Status: unaffected
Affected Versions: From 15.48 before 15.54 (custom)

Vendor: TeamViewer
Product: Remote (Host)
Platforms: Windows
Default Status: unaffected
Affected Versions: From 15.48 before 15.54 (custom)

Vendor: TeamViewer
Product: Remote (Full Client)
Platforms: macOS
Default Status: unaffected
Affected Versions: From 15.51 before 15.54 (custom)

Vendor: TeamViewer
Product: Remote (Host)
Platforms: macOS
Default Status: unaffected
Affected Versions: From 15.51 before 15.54 (custom)

Problem Types
Type: CWE
CWE ID: CWE-347
Description: CWE-347 Improper Verification of Cryptographic Signature
Metrics
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Impacts
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions

Update to the latest version (15.54 or higher)

Credits
Finder: Maximilian Barz
References
Hyperlink: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1004/
Resource: N/A
Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor: teamviewer
Product: remote
CPEs:
  • cpe:2.3:a:teamviewer:remote:15.48:*:*:*:*:*:*:*
  • cpe:2.3:a:teamviewer:remote:15.51:*:*:*:*:*:*:*
Default Status: unknown
Affected Versions:
  • From 15.48 before 15.54 (custom)
  • From 15.51 before 15.54 (custom)
2. CVE Program Container
References
Hyperlink: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1004/
Resource: x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: psirt@teamviewer.com
Published At: 28 May, 2024 | 15:15
Updated At: 28 May, 2024 | 17:11

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE ID: CWE-347
Type: Secondary
Source: psirt@teamviewer.com
References
Hyperlink: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1004/
Source: psirt@teamviewer.com
Resource: N/A

Similar CVEs

5 Records found

CVE-2024-7479
Matching Score: 6
Assigner: TeamViewer Germany GmbH
CVSS Score: 8.8 (HIGH)
EPSS: 5.10% / 89.58%
7 Day CHG: ~0.00%
Published: 25 Sep, 2024 | 10:34
Updated: 26 Sep, 2024 | 13:32
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Improper signature verification of VPN driver installation in TeamViewer Remote Clients

Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior to version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.

Action: Not Available
Vendor: TeamViewer
Product: Remote Full Client; Remote Host; host; full_client
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2024-7481
Matching Score: 6
Assigner: TeamViewer Germany GmbH
CVSS Score: 8.8 (HIGH)
EPSS: 0.35% / 57.03%
7 Day CHG: ~0.00%
Published: 25 Sep, 2024 | 10:33
Updated: 26 Sep, 2024 | 13:32
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Improper signature verification of Printer driver installation in TeamViewer Remote Clients

Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior to version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.

Action: Not Available
Vendor: TeamViewer
Product: Remote Full Client; Remote Host; host
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2024-36347
Matching Score: 4
Assigner: Advanced Micro Devices Inc.
CVSS Score: 6.4 (MEDIUM)
EPSS: 0.01% / 0.64%
7 Day CHG: ~0.00%
Published: 27 Jun, 2025 | 22:14
Updated: 01 Jul, 2025 | 03:55
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

Action: Not Available
Vendor: Advanced Micro Devices, Inc.
Product: AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics; AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics; AMD EPYC™ 7001 Series; AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics; AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors; AMD EPYC™ 9005 Series; AMD EPYC™ Embedded 7003; AMD EPYC™ Embedded 3000; AMD EPYC™ Embedded 97X4; AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors; AMD Ryzen™ Embedded R2000; AMD Ryzen™ 7045 Series Mobile Processors; AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics; AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics; AMD EPYC™ Embedded 9004; AMD Ryzen™ Embedded 7000; AMD EPYC™ 7002 Series; AMD Ryzen™ 7000 Series Desktop Processors; AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics; AMD Ryzen™Embedded V3000; AMD Ryzen™ AI Max +; AMD EPYC™ 9004 Series; AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics; AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics; AMD EPYC™ 4004 Series; AMD EPYC™ 7003 Series; AMD Ryzen™ 3000 Series Desktop Processors; AMD Ryzen™ Threadripper™ 3000 Series Processors; AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors; AMD Ryzen™ AI 300 Series; AMD EPYC™ Embedded 8004; AMD EPYC™ Embedded 7002; AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics; AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics; AMD Ryzen™ Embedded R1000; AMD Ryzen™ Embedded V1000; AMD Ryzen™ 5000 Series Desktop Processors; AMD Ryzen™ 9000 Series Desktop Processors; AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics; AMD Instinct™ MI300A; AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics; AMD Ryzen™ 9000HX Series Mobile Processors; AMD Ryzen™ Embedded 5000; AMD Ryzen™Embedded V2000; AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics; AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2020-15705
Matching Score: 4
Assigner: Canonical Ltd.
CVSS Score: 6.4 (MEDIUM)
EPSS: 0.03% / 8.95%
7 Day CHG: ~0.00%
Published: 29 Jul, 2020 | 17:45
Updated: 17 Sep, 2024 | 00:06
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Action: Not Available
Vendor: GNU; SUSE; Debian GNU/Linux; Microsoft Corporation; Canonical Ltd.; Red Hat, Inc.; openSUSE; Ubuntu
Product: ubuntu_linux; windows_server_2016; debian_linux; enterprise_linux_atomic_host; windows_8.1; windows_server_2012; openshift_container_platform; enterprise_linux; suse_linux_enterprise_server; windows_rt_8.1; windows_10; grub2; windows_server_2019; leap; grub2 in Ubuntu
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2021-34709
Matching Score: 4
Assigner: Cisco Systems, Inc.
CVSS Score: 6 (MEDIUM)
EPSS: 0.02% / 5.82%
7 Day CHG: ~0.00%
Published: 09 Sep, 2021 | 05:00
Updated: 07 Nov, 2024 | 22:01
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action: Not Available
Vendor: Cisco Systems, Inc.
Product: 8201; 8101-32h; 8201-32fh; n540-24z8q2c-m; 8800_4-slot; n540-28z4c-sys-a; n540x-16z4g8q2c-d; n540-acc-sys; n540-28z4c-sys-d; 8800_18-slot; n540x-acc-sys; 8202; n540-12z20g-sys-d; n540x-12z16g-sys-d; n540x-12z16g-sys-a; 8101-32fh; 8102-64h; 8800_8-slot; n540-12z20g-sys-a; n540-24z8q2c-sys; 8800_12-slot; ios_xr; n540x-16z4g8q2c-a; Cisco IOS XR Software
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)