CVE-2019-18988 — Actively Exploited: Desktop (TeamViewer)
TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the sys
| CVE ID | CVE-2019-18988 |
|---|---|
| Vendor | TeamViewer |
| Product | Desktop |
| Vulnerability name | TeamViewer Desktop Bypass Remote Login Vulnerability |
| Date added | 2021-11-03 |
| Remediation due | 2022-05-03 |
| Known ransomware use | Unknown |
| Required action | Apply updates per vendor instructions. |
| Description | TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system). |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →