TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.
CVE-2019-18988
Score elevated to 9.0 because this CVE is listed on the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating real-world exploitation has been confirmed by US federal agencies. NVD baseline CVSS 7.0 retained for reference. Confidence: HIGH.
- Actively exploited in the wild (CISA-KEV)
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 7.0
- EG Score
- 9.0(high)
- EPSS
- 90.7%
- KEV
- ⚠ Exploited
Published
February 7, 2020
Last Modified
November 7, 2025
Advisory Details (4)
Auto-updated Jun 12, 2026Known Exploited Vulnerabilities Catalog | CISA
Known Exploited Vulnerabilities Catalog | CISA. Listed in CISA Known Exploited Vulnerabilities catalog.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-18988Nic Losby on X: "https://t.co/avUoHNCJ4G Teamviewer has been storing user passwords encrypted with AES, not hashed, in the registry accessible to low privilege users on the machine. This works for versions dating back from at least as far back as 2012 to the latest version." / X
https://twitter.com/Blurbdust/status/1224212682594770946?s=20Specification on CVE-2019-18988 - TeamViewer Community
https://community.teamviewer.com/t5/Announcements/Specification-on-CVE-2019-18988/td-p/82264Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 104× in last 7d / 439× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 622 total refreshes for this CVE.
- 2026-07-11 21:33 UTCEG score recompute
- 2026-07-11 21:33 UTCGHSA enrichment
- 2026-07-11 17:54 UTCEG score recompute
- 2026-07-11 17:54 UTCGHSA enrichment
- 2026-07-11 14:14 UTCEG score recompute
- 2026-07-11 14:14 UTCGHSA enrichment
- 2026-07-11 10:35 UTCEG score recompute
- 2026-07-11 10:34 UTCGHSA enrichment
- 2026-07-11 08:24 UTCEPSS rescore
- 2026-07-11 08:24 UTCEPSS rescore
- 2026-07-11 06:53 UTCEG score recompute
- 2026-07-11 06:53 UTCGHSA enrichment
- 2026-07-11 03:13 UTCEG score recompute
- 2026-07-11 03:13 UTCGHSA enrichment
- 2026-07-10 23:33 UTCEG score recompute
- 2026-07-10 23:32 UTCGHSA enrichment
- 2026-07-10 19:52 UTCEG score recompute
- 2026-07-10 19:52 UTCGHSA enrichment
- 2026-07-10 17:52 UTCCISA KEV update
- 2026-07-10 16:12 UTCEG score recompute
- 2026-07-10 16:11 UTCGHSA enrichment
- 2026-07-10 12:30 UTCEG score recompute
- 2026-07-10 12:30 UTCGHSA enrichment
- 2026-07-10 08:47 UTCEG score recompute
- 2026-07-10 08:47 UTCGHSA enrichment
Show 75 moreShow fewer
- 2026-07-10 05:05 UTCEG score recompute
- 2026-07-10 05:05 UTCGHSA enrichment
- 2026-07-10 01:25 UTCEG score recompute
- 2026-07-10 01:25 UTCGHSA enrichment
- 2026-07-09 21:44 UTCEG score recompute
- 2026-07-09 21:43 UTCGHSA enrichment
- 2026-07-09 19:06 UTCEPSS rescore
- 2026-07-09 18:03 UTCEG score recompute
- 2026-07-09 18:03 UTCGHSA enrichment
- 2026-07-09 14:24 UTCEG score recompute
- 2026-07-09 14:23 UTCGHSA enrichment
- 2026-07-09 10:42 UTCEG score recompute
- 2026-07-09 10:42 UTCGHSA enrichment
- 2026-07-09 07:03 UTCEG score recompute
- 2026-07-09 07:03 UTCGHSA enrichment
- 2026-07-09 03:23 UTCEG score recompute
- 2026-07-09 03:23 UTCGHSA enrichment
- 2026-07-08 23:42 UTCEG score recompute
- 2026-07-08 23:42 UTCGHSA enrichment
- 2026-07-08 20:03 UTCEG score recompute
- 2026-07-08 20:03 UTCGHSA enrichment
- 2026-07-08 16:23 UTCEG score recompute
- 2026-07-08 16:23 UTCGHSA enrichment
- 2026-07-08 15:11 UTCEPSS rescore
- 2026-07-08 12:42 UTCEG score recompute
- 2026-07-08 12:42 UTCGHSA enrichment
- 2026-07-08 09:02 UTCEG score recompute
- 2026-07-08 09:02 UTCGHSA enrichment
- 2026-07-08 05:22 UTCEG score recompute
- 2026-07-08 05:22 UTCGHSA enrichment
- 2026-07-08 01:41 UTCEG score recompute
- 2026-07-08 01:41 UTCGHSA enrichment
- 2026-07-07 22:00 UTCEG score recompute
- 2026-07-07 22:00 UTCGHSA enrichment
- 2026-07-07 19:01 UTCCISA KEV update
- 2026-07-07 18:21 UTCEG score recompute
- 2026-07-07 18:20 UTCGHSA enrichment
- 2026-07-07 17:16 UTCCISA KEV update
- 2026-07-07 14:38 UTCEG score recompute
- 2026-07-07 14:38 UTCGHSA enrichment
- 2026-07-07 13:43 UTCEPSS rescore
- 2026-07-07 10:56 UTCEG score recompute
- 2026-07-07 10:56 UTCGHSA enrichment
- 2026-07-07 07:17 UTCEG score recompute
- 2026-07-07 07:17 UTCGHSA enrichment
- 2026-07-07 03:37 UTCEG score recompute
- 2026-07-07 03:36 UTCGHSA enrichment
- 2026-07-06 23:56 UTCEG score recompute
- 2026-07-06 23:56 UTCGHSA enrichment
- 2026-07-06 20:16 UTCEG score recompute
- 2026-07-06 20:15 UTCGHSA enrichment
- 2026-07-06 16:34 UTCEG score recompute
- 2026-07-06 16:34 UTCGHSA enrichment
- 2026-07-06 16:25 UTCEPSS rescore
- 2026-07-06 16:25 UTCEPSS rescore
- 2026-07-06 12:54 UTCEG score recompute
- 2026-07-06 12:53 UTCGHSA enrichment
- 2026-07-06 09:13 UTCEG score recompute
- 2026-07-06 09:13 UTCGHSA enrichment
- 2026-07-06 05:32 UTCEG score recompute
- 2026-07-06 05:32 UTCGHSA enrichment
- 2026-07-06 02:20 UTCEPSS rescore
- 2026-07-06 01:53 UTCEG score recompute
- 2026-07-06 01:53 UTCGHSA enrichment
- 2026-07-05 22:13 UTCEG score recompute
- 2026-07-05 22:13 UTCGHSA enrichment
- 2026-07-05 18:32 UTCEG score recompute
- 2026-07-05 18:32 UTCGHSA enrichment
- 2026-07-05 14:52 UTCEG score recompute
- 2026-07-05 14:52 UTCGHSA enrichment
- 2026-07-05 11:10 UTCEG score recompute
- 2026-07-05 11:10 UTCGHSA enrichment
- 2026-07-05 07:30 UTCEG score recompute
- 2026-07-05 07:30 UTCGHSA enrichment
- 2026-07-05 03:48 UTCEG score recompute
Publicly available exploits
(3 references)Working exploit code is in the public domain (1 Metasploit module) (2 GitHub PoCs). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- GitHub PoCmr-r3b00t/CVE-2019-18988First seen Jul 13, 2020
TeamViewer Store Credentials Decryption
Open source ↗ - Open source ↗GitHub PoCreversebrain/CVE-2019-18988First seen Jul 1, 2020
- Metasploitpost/windows/gather/credentials/teamviewer_passwords✓ verifiedFirst seen Jan 1, 2019
Windows Gather TeamViewer Passwords
Open source ↗
Frequently asked(6)
What is CVE-2019-18988?
When was CVE-2019-18988 disclosed?
Is CVE-2019-18988 actively exploited?
What is the CVSS score of CVE-2019-18988?
Which products are affected by CVE-2019-18988?
How do I remediate CVE-2019-18988?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2019-18988
Is Your Infrastructure Affected by CVE-2019-18988?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.