CVE-2021-35005: 
TeamViewer Remote vulnerability analysis and mitigation

CVE-2021-35005 is a local information disclosure vulnerability affecting TeamViewer installations. The vulnerability was discovered and reported to TeamViewer in June 2021 and was publicly disclosed on January 20, 2022. The issue affects TeamViewer versions up to (excluding) 15.18.5.0 (NVD, ZDI Advisory).

The vulnerability exists within the TeamViewer service and stems from improper validation of user-supplied data, which can result in a read past the end of an allocated array. The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The issue is classified as CWE-125 (Out-of-bounds Read) (NVD).

When exploited, the vulnerability allows a low-privileged local attacker to disclose sensitive information from the service process memory. The disclosed information is written to the TeamViewer log file, where it can be accessed by the attacker. This information disclosure could potentially be leveraged as part of a larger exploit chain to achieve arbitrary code execution in the context of SYSTEM (TeamViewer Advisory).

TeamViewer patched this vulnerability in version 15.21.2, released on August 24, 2021. Users are advised to update to this version or later to protect against this vulnerability (TeamViewer Advisory).