The developers of TeamViewer warn of a security vulnerability in the Teamviewer client. Attackers with low privileges could then connect to other users - and thus expand their privileges. An update for the client is available that corrects the problem.

In the according security notice, the TeamViewer developers write that access to set a personal password does not require administrator rights. This allows users with low rights in multi-user systems with access to the client to assign a personal password. This allows them to remotely access other currently logged in users on the system (CVE-2024-0819, CVSS 7.3, risk high).

TeamViewer: Extension of rights through personal password

The CVE entry formulates the consequences more clearly: Inappropriate initialization of default settings in the TeamViewer Remote Client before version 15.51.5 for Linux, macOS and Windows allows low-privilege users to expand their rights by changing the personal password and establishing a remote access session create logged in administrator access.

The developers of TeamViewer explain that clients with the setting "changes require administrative right on this computer" or other security functions activated and correctly configured are not vulnerable. They expressly recommend securing easy access for unsupervised access with two-factor authentication. If you still want to use a personal password for this, you should make sure to follow the guidelines and use a strong password.

Both the TeamViewer Remote Full Client and TeamViewer Remote Host are available for download as bug-fixed version 15.51.5 on the company's download page. IT managers and TeamViewer users should install the update quickly.

Find TeamViewer also on the UpdateStar download portal.