CVE-2021-34858

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on TeamViewer installations by tricking users into opening malicious TVS files. The flaw is improper validation during TVS file parsing, which leads to out-of-bounds memory reads that can be leveraged for code execution. Users running a TeamViewer version prior to 15.28.3 who open untrusted TVS files are affected.

💻 Affected Systems

Products:
  • TeamViewer
Versions: Versions prior to 15.28.3
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: TeamViewer installations prior to 15.28.3 with the TVS file association enabled are vulnerable in their default configuration when a malicious file is opened.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's computer, enabling data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Attacker executes malicious code with the same privileges as the TeamViewer process, potentially leading to credential theft, surveillance, or installation of persistent malware.

🟢 If Mitigated

If proper controls prevent execution of untrusted TVS files, impact is limited to denial of service or application crashes.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening malicious TVS file) but the vulnerability itself is straightforward to trigger once the file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 15.28.3 and later

Vendor Advisory: https://community.teamviewer.com/English/discussion/117794/august-updates-security-patches/p1

Restart Required: Yes

Instructions:

1. Open TeamViewer.
2. Go to Help > Check for new version.
3. Follow prompts to update to version 15.28.3 or later.
4. Restart TeamViewer and computer if prompted.

🔧 Temporary Workarounds

Disable TVS file association

Platform: Windows

Remove TeamViewer as the default handler for .tvs files so that opening such a file does not automatically launch TeamViewer.

Windows: Control Panel > Default Programs > Associate a file type > Select .tvs > Change program

Block TVS files at perimeter

Platform: All

Prevent download of .tvs files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Educate users to never open TVS files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check the TeamViewer version in Help > About. If the version is below 15.28.3, the system is vulnerable.

Check Version:

Windows: "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" --version

Verify Fix Applied:

Confirm version is 15.28.3 or higher in Help > About dialog.
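
The version check and the file-association workaround described above can be audited together on a Windows host. The PowerShell below is an added example, not part of the vendor advisory or of this page's original content. The second install path and the "handler string contains TeamViewer" heuristic are assumptions, and the registry locations are the standard Windows file-association keys rather than anything TeamViewer-specific.

```powershell
# Added example: report the installed TeamViewer version and the .tvs handler.
$FixedVersion = [version]'15.28.3'          # first fixed version per this page
$Candidates = @(
    'C:\Program Files (x86)\TeamViewer\TeamViewer.exe',  # path shown on this page
    'C:\Program Files\TeamViewer\TeamViewer.exe'         # assumed 64-bit location
)

function Get-TeamViewerPatchState {
    param([string[]]$Path, [version]$Fixed)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $raw = (Get-Item -LiteralPath $p).VersionInfo.ProductVersion
        # Keep only the leading dotted digits; the field may carry a suffix.
        $installed = if ($raw -match '^\s*(\d+(\.\d+){1,3})') { [version]$Matches[1] } else { $null }
        [pscustomobject]@{
            Path       = $p
            Installed  = $installed
            # $null means the version could not be read: check Help > About manually.
            Vulnerable = if ($installed) { $installed -lt $Fixed } else { $null }
        }
    }
}

function Get-TvsHandler {
    # Merged association: the default value of HKCR\.tvs names a ProgId.
    $ext = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.tvs' -ErrorAction SilentlyContinue
    $progId = if ($ext) { $ext.GetValue('') } else { $null }
    $command = $null
    if ($progId) {
        $cmdKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue
        if ($cmdKey) { $command = $cmdKey.GetValue('') }
    }
    # Per-user override written by the "Change program" dialog.
    $uc = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tvs\UserChoice' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProgId      = $progId
        OpenCommand = $command
        UserChoice  = if ($uc) { $uc.ProgId } else { $null }
        # Heuristic (assumption): a handler string containing 'TeamViewer' means
        # double-clicking a .tvs file still hands it to TeamViewer.
        OpensInTeamViewer = [bool]($command -match 'TeamViewer' -or ($uc -and $uc.ProgId -match 'TeamViewer'))
    }
}

Get-TeamViewerPatchState -Path $Candidates -Fixed $FixedVersion | Format-Table -AutoSize
Get-TvsHandler | Format-List
```

A host that reports `Vulnerable = True` together with `OpensInTeamViewer = True` has neither the patch nor the workaround in place.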

📡 Detection & Monitoring

Log Indicators:

  • TeamViewer crash logs with memory access violations
  • Unexpected TVS file processing events

Network Indicators:

  • Downloads of .tvs files from suspicious sources
  • Outbound connections after TVS file processing

SIEM Query:

process_name="TeamViewer.exe" AND (event_id=1000 OR file_extension=".tvs")
