CVE-2024-7481
📋 TL;DR
This vulnerability allows an attacker with local unprivileged access on a Windows system to bypass cryptographic signature verification during printer driver installation via TeamViewer_service.exe, enabling privilege escalation to SYSTEM level. It affects TeamViewer Remote Clients for Windows prior to version 15.58.4.
💻 Affected Systems
- TeamViewer Remote Client for Windows
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full SYSTEM privilege compromise allowing complete control of the Windows system, installation of malicious drivers, persistence mechanisms, and lateral movement.
Likely Case
Local privilege escalation from a standard user account to SYSTEM privileges, enabling installation of malicious software, credential theft, and bypassing security controls.
If Mitigated
Limited impact if proper endpoint protection, application whitelisting, and least privilege principles are enforced, though the vulnerability still provides a path to SYSTEM access.
🎯 Exploit Status
Exploitation requires local access but is straightforward once initial access is obtained; no public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 15.58.4 and later
Vendor Advisory: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006/
Restart Required: Yes
Instructions:
1. Open TeamViewer.
2. Go to Help > Check for new version.
3. Follow prompts to update to version 15.58.4 or later.
4. Restart the system after installation.
🔧 Temporary Workarounds
Disable TeamViewer Service
Windows: Stop and disable the TeamViewer_service.exe service to prevent exploitation, but this will break TeamViewer functionality.
sc stop TeamViewer
sc config TeamViewer start= disabled
Restrict Local Access
All platforms: Implement strict access controls to prevent unauthorized local access to Windows systems.
🧯 If You Can't Patch
- Remove TeamViewer from affected systems entirely if not required for business operations.
- Implement application whitelisting to block execution of unauthorized drivers and TeamViewer_service.exe modifications.
🔍 How to Verify
Check if Vulnerable:
Check TeamViewer version in the application (Help > About) or via registry: HKEY_LOCAL_MACHINE\SOFTWARE\TeamViewer\Version.
Check Version:
reg query "HKLM\SOFTWARE\TeamViewer" /v Version
Verify Fix Applied:
Confirm TeamViewer version is 15.58.4 or higher using the same methods as checking vulnerability.
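Added example (not part of the original page and not TeamViewer tooling): a triage script for `reg query` output collected from several hosts, comparing each Version value numerically against 15.58.4. The host names and sample outputs are constructed, and the script only knows the 15.58.4 threshold given on this page.

```python
import re

FIXED = (15, 58, 4)  # first fixed version stated on this page

# Value line printed by: reg query "HKLM\SOFTWARE\TeamViewer" /v Version
VALUE_LINE = re.compile(
    r"^[ \t]*Version[ \t]+REG_SZ[ \t]+(\d+(?:\.\d+)*)\s*$",
    re.MULTILINE | re.IGNORECASE | re.ASCII,
)


def parse_version(reg_output):
    """Return the version as a tuple of ints, or None if absent or malformed."""
    match = VALUE_LINE.search(reg_output)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(reg_output):
    """Return 'patched', 'vulnerable', or 'unknown' (no readable Version value)."""
    version = parse_version(reg_output)
    if version is None:
        return "unknown"  # key or value missing: needs a manual check
    # Pad short versions so that "15.58" is compared as 15.58.0.
    padded = version + (0,) * (len(FIXED) - len(version))
    return "patched" if padded >= FIXED else "vulnerable"


def sample_output(version):
    """Build a constructed reg query result for the given version string."""
    return ("\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\TeamViewer\r\n"
            f"    Version    REG_SZ    {version}\r\n\r\n")


# Constructed sample outputs keyed by hypothetical host name.
SAMPLES = {
    "ws-01": sample_output("15.57.5"),
    "ws-02": sample_output("15.58.4"),
    "ws-03": sample_output("15.9.4"),  # above 15.58.4 as a string, below it numerically
    "ws-04": "ERROR: The system was unable to find the specified registry key or value.\r\n",
}


def triage(outputs):
    """Map each host to its classification."""
    return {host: classify(text) for host, text in outputs.items()}


if __name__ == "__main__":
    for host, status in triage(SAMPLES).items():
        print(f"{host}: {status}")
```

Comparing the version as text would mark ws-03 as patched, which is why the check splits the string into integers first.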
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs: Look for Event ID 7045 (System log: a new service was installed) or 4697 (Security log: a service was installed in the system) related to TeamViewer or unknown drivers.
- TeamViewer logs: Unusual driver installation attempts or service modifications.
Network Indicators:
- No direct network indicators; this is a local privilege escalation vulnerability.
SIEM Query:
EventID=7045 OR EventID=4697 | where ServiceName contains "TeamViewer" or ImagePath contains suspicious driver paths