CVE-2024-7479: Improper signature verification of VPN driver installation in TeamViewer Remote Clients

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-7479

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Improper signature verification of VPN driver installation in TeamViewer Remote Clients

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

密码学签名的验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

TeamViewer 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

TeamViewer是TeamViewer公司的一款用于远程访问以及远程控制和远程维护计算机和其他终端设备的软件。 TeamViewer 15.58.4之前版本存在安全漏洞，该漏洞源于安装VPN驱动时加密签名验证不当，可能允许具有本地非特权访问权限的攻击者提升其权限并安装驱动程序。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
TeamViewer	Remote Full Client	15.0.0 ~ 15.58.4	-
TeamViewer	Remote Host	15.0.0 ~ 15.58.4	-

II. Public POCs for CVE-2024-7479

#	POC Description	Source Link	Shenlong Link
1	TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.	https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481	POC Details
2	Proof of concept for CVE-2024-7479	https://github.com/fortra/CVE-2024-7479	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-7479

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Remote Full Client

Same vendor: TeamViewer

Same weakness: CWE-347

V. Comments for CVE-2024-7479

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2024-7479

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-7479

III. Intelligence Information for CVE-2024-7479

IV. Related Vulnerabilities

V. Comments for CVE-2024-7479

Leave a comment