TeamViewer DEX is a remote desktop protocol used by TeamViewer, a popular remote access software. This vulnerability allows authenticated attackers with Actioner privileges to inject arbitrary commands on devices connected to the platform, potentially leading to unauthorized system execution and data theft.
You're affected if you use A command. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
Upgrade to TeamViewer version 15.2.0 or later from the official website: https://www.teamviewer.com/en/downloads/
- Immediate mitigations:
- Restrict network access to your TeamViewer instance (firewall it from the public internet)
- Audit Actioner privileges for suspicious activity patterns
- Monitor for unauthorized token creation