CVE-2022-23242

CVE-2022-23242 is a medium-severity vulnerability in Teamviewer with a CVSS 3.x base score of 6.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-404.

Key facts

Description

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.

Frequently asked questions

What is CVE-2022-23242?
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.
How severe is CVE-2022-23242?
CVE-2022-23242 has a CVSS 3.x base score of 6.3, rated medium severity. It is exploitable over local access with high attack complexity, requires high privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2022-23242 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (10th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2022-23242?
CVE-2022-23242 affects Teamviewer. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2022-23242?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2022-23242 published?
CVE-2022-23242 was published on 2022-03-23 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Teamviewer

All CVEs affecting Teamviewer →

Other CWE-404 vulnerabilities

Browse all CWE-404 vulnerabilities →