CVE-2022-50931

Summary

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.

Affected Software

VendorProductVersion RangeStatus
TeamSpeakTeamSpeak3.5.6affected

Weaknesses

  • CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References