Hello. A vulnerability for TeamSpeak 3.5.6 was recently disclosed. TeamSpeak 3.5.6 is not the latest version, and nothing on the report shows if newer versions are impacted.
Are the latest versions of TeamSpeak 3 and 6 impacted by this? If so, when can we expect a security patch? Thank you.
CVE Page: https://www.cve.org/CVERecord?id=CVE-2022-50931
Exploit DB: TeamSpeak 3.5.6 - Insecure File Permissions - Windows local Exploit
Vulncheck: TeamSpeak 3.5.6 - Insecure File Permissions | Advisories | VulnCheck
I’ll let the team know and update once possible.
2 Likes
Hey, thank you for bringing this issue to our attention and for sharing the related references. We have reviewed the reports and came to the conclusion that:
- This is a local-only issue and cannot be exploited remotely.
- Exploitation requires manual user interaction and access to the local system.
We continue to review installer configurations and will take appropriate action if required. As of now, no immediate security patch is planned.
2 Likes
Thank you for looking into this. Just so we are clear, this does currently impact the current version of TeamSpeak 3 and the TeamSpeak 6 beta clients (for Windows) or is this limited to TeamSpeak 3.5.6? Thanks.
From our knowledge this only affects 3.5.6. We are not aware of other TS3 client versions that are affected by this. The TS6 client is built using different frameworks and rarely share commonalities, meaning this vulnerability is most likely not present there.
Nevertheless, we appreciate you taking the time to report this and helping us keep TeamSpeak secure.
2 Likes
