Remote access software TeamViewer has recently fixed a security vulnerability that had the potential to allow access and exploit Windows computers, said Bleeping Computer. It was labeled a high severity bug and was categorized as an Unquoted Search Path or Element.
The flaw, called CVE-2020-13699, was discovered to let hackers forge a connection between your computers, then manipulate the system to execute codes remotely and without your authentication. It can also be used to crack or obtain your password.
More individuals are vulnerable to such attacks as the virus pandemic has compelled employers and employees to work from home and use remote access apps such as TeamViewer.
Bleeping Computer explained that the fixed vulnerability was under CWE-428, also called Unquoted Search Path or Element, which is considered a special category. Such a flaw lets malicious parties exploit the fact that arguments within a code are unquoted.
More specifically, the report said that “this can cause a program to treat the arguments as direct commands, rather than an input value.”
How CVE-2020-13699 Worked
An attacker who wants to gain unauthorized access to a target system would need to use a malicious page embedded with an inline frame or iframe, an HTML document that is placed within the HTML for the page.
The iframe, which is often hidden or disguised, would be loaded as the “teamviewer10:” URI scheme. This will launch the TeamViewer application on the computer. Such custom URI schemes are often used by services to easily launch their apps.
With the TeamViewer exploit, hackers would use a malicious code as an attribute attached to the URI scheme, which would tell the installed app to connect to a malicious server.
Praetorian security engineer Jeffrey Hofmann said, “An attacker could embed a malicious iframe in a website with a crafted URL… that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share.”
As the target system is the one initiating a connection, such a link does not require passwords, which can leave the machine open for further exploitations.
Help Net Security remarked that this flaw could be used to perform targeted watering hole attacks or the hacking strategy of predicting what sites users often use, then infecting them with malware to gain access to user machines.
Aside from TeamViewer10, other versions were affected by the flaw. Fortunately, the company was able to patch up the bug by adding quotes for the code in question.