TeamViewer password vulnerability CVE-2024-0819

Stop - Pixabay[German]A short warning to readers who use the TeamViewer remote maintenance software still with a "personal password". The client for Windows should urgently be updated to version 15.51.5. The manufacturer has published a security notice stating that older software versions only offer incomplete protection of personal password settings. Here are the details what you need to know.


TeamViewer is a proprietary software for remote access, remote control and remote maintenance of computers and other end devices that was released in 2005. I came across the information via the following tweet that TeamViewer has published the security warningTV-2024-1001 (Incomplete protection of personal password settings) .

TeamViewer warning

The provider TeamViewer warns of the vulnerability CVE-2024-0819 in its remote maintenance client for Windows, Linux and macOS. By improperly initialising the default settings in the TeamViewer Remote Client prior to version 15.51.5 for Windows, Linux and macOS, a user with low privileges can increase their rights. This is possible by changing the setting for the personal password and establishing a remote connection to a logged-in admin account, according to the NIST page.

The vendor is a little more specific and writes that a vulnerability was found in the TeamViewer client prior to version 15.51.5 that could allow an unprivileged user on a multi-user system to set a personal password.

In the Teamviewer client prior to version 15.51.5, access to the personal password setting does not require administrator rights. A low privileged user on a multi-user system who has access to the client can set a personal password. This may allow an unprivileged user to establish a remote connection to other currently logged in users on the same system.


The vulnerability has a CVSS 3.0 score of 7.8 (High) and affects all client versions prior to version 15.51.5 that use a personal password. The problem has been fixed with version 15.51.5..

TeamViewer clients with activated setting "Changes require administrative rights on this computer" or additional security functions, e.g:

  • Password options
  • Conditional access
  • BYOC
  • Block & Allow List
    Access control
    TFA for connections
    One-time password

that are active and correctly configured are not affected. TeamViewer recommends the use of Easy Access for unattended access. In combination with two-factor authentication, this protection covers access to the TeamViewer account and any computer that is supported via TeamViewer.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *