TeamViewer DEX is a remote desktop management tool used by organizations to manage and secure their devices. The vulnerability discovered in TeamViewer DEX allows authenticated attackers with Actioner privileges to inject arbitrary commands, enabling remote execution of elevated commands on connected devices.
You're affected if you use A command. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
Upgrade to TeamViewer DEX V21.1 or later from the official website: https://www.teamviewer.com/en/downloads
- Immediate mitigations:
* Restrict network access to your TeamViewer DEX instance (firewall it from the public internet)
* Audit Actioner account activity for suspicious access patterns
* Monitor for unauthorized token creation