← ExploitWatch
HomeExploited Vulnerabilities

CVE-2019-18988 — Actively Exploited: Desktop (TeamViewer)

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the sys

CVE IDCVE-2019-18988
VendorTeamViewer
ProductDesktop
Vulnerability nameTeamViewer Desktop Bypass Remote Login Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionTeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system).
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →