CVE-2024-0819: 
NixOS vulnerability analysis and mitigation

A security vulnerability (CVE-2024-0819) was discovered in TeamViewer Remote Client versions prior to 15.51.5 for Windows, Linux, and macOS. The vulnerability stems from improper initialization of default settings, which allows low-privileged users to elevate privileges by manipulating personal password settings and establishing remote connections to logged-in admin accounts (TeamViewer Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) by NIST and 7.3 (High) by TeamViewer Germany GmbH. The vulnerability is classified under CWE-269 (Improper Privilege Management). The attack vector is local (AV:L), requiring low attack complexity (AC:L) and low privileges (PR:L). The vulnerability affects the personal password setting functionality, where access doesn't require administrative rights on multi-user systems (NVD, TeamViewer Advisory).

The vulnerability enables low-privileged users on shared systems to set personal passwords without administrative rights. This could potentially allow unauthorized users to establish remote connections to other currently logged-in users on the same system, including admin accounts, leading to unauthorized access and potential privilege escalation (Security Online).

TeamViewer has released version 15.51.5 to address this vulnerability. Users are advised to update immediately. Additional security measures include enabling 'Changes require administrative rights on this computer,' setting a strong Options password, implementing Two-Factor Authentication, and using Easy Access mode for unattended access. Systems with activated security features such as Block & Allow List, Access Control, or One-time-password are not affected (TeamViewer Advisory).