CVE-2019-18988

HIGHNVD 7.09.0
EchelonGraph scoreHIGH confidence

Score elevated to 9.0 because this CVE is listed on the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating real-world exploitation has been confirmed by US federal agencies. NVD baseline CVSS 7.0 retained for reference. Confidence: HIGH.

Triggered by: CISA KEV (actively exploited)
Sources: cisa_kev, epss, ghsa, nvd
Trending — 4 sources updated this weekExploited in the wild
7.0
EchelonGraph verdictPatch nowTreat as an emergency — this is being exploited.
  • Actively exploited in the wild (CISA-KEV)
CISA-KEV: ExploitedEPSS: 5%CVSS: 7.0Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.

CVSS v3
7.0
EG Score
9.0(high)
EPSS
90.7%
KEV
⚠ Exploited

Published

February 7, 2020

Last Modified

November 7, 2025

Advisory Details (4)

Auto-updated Jun 12, 2026
⚠️ Active exploitation confirmed. Patch available. Sources: cisa.
cisa Patch Available🔴 Active Exploitation

Known Exploited Vulnerabilities Catalog | CISA

Known Exploited Vulnerabilities Catalog | CISA. Listed in CISA Known Exploited Vulnerabilities catalog.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-18988
generic

TeamViewer - WhyNotSecurity

https://whynotsecurity.com/blog/teamviewer/
generic

Nic Losby on X: "https://t.co/avUoHNCJ4G Teamviewer has been storing user passwords encrypted with AES, not hashed, in the registry accessible to low privilege users on the machine. This works for versions dating back from at least as far back as 2012 to the latest version." / X

https://twitter.com/Blurbdust/status/1224212682594770946?s=20

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Data Freshness Timeline

(refreshed 104× in last 7d / 439× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

Showing the most recent 100 of 622 total refreshes for this CVE.

  1. 2026-07-11 21:33 UTCEG score recompute
  2. 2026-07-11 21:33 UTCGHSA enrichment
  3. 2026-07-11 17:54 UTCEG score recompute
  4. 2026-07-11 17:54 UTCGHSA enrichment
  5. 2026-07-11 14:14 UTCEG score recompute
  6. 2026-07-11 14:14 UTCGHSA enrichment
  7. 2026-07-11 10:35 UTCEG score recompute
  8. 2026-07-11 10:34 UTCGHSA enrichment
  9. 2026-07-11 08:24 UTCEPSS rescore
  10. 2026-07-11 08:24 UTCEPSS rescore
  11. 2026-07-11 06:53 UTCEG score recompute
  12. 2026-07-11 06:53 UTCGHSA enrichment
  13. 2026-07-11 03:13 UTCEG score recompute
  14. 2026-07-11 03:13 UTCGHSA enrichment
  15. 2026-07-10 23:33 UTCEG score recompute
  16. 2026-07-10 23:32 UTCGHSA enrichment
  17. 2026-07-10 19:52 UTCEG score recompute
  18. 2026-07-10 19:52 UTCGHSA enrichment
  19. 2026-07-10 17:52 UTCCISA KEV update
  20. 2026-07-10 16:12 UTCEG score recompute
  21. 2026-07-10 16:11 UTCGHSA enrichment
  22. 2026-07-10 12:30 UTCEG score recompute
  23. 2026-07-10 12:30 UTCGHSA enrichment
  24. 2026-07-10 08:47 UTCEG score recompute
  25. 2026-07-10 08:47 UTCGHSA enrichment
Show 75 more
  1. 2026-07-10 05:05 UTCEG score recompute
  2. 2026-07-10 05:05 UTCGHSA enrichment
  3. 2026-07-10 01:25 UTCEG score recompute
  4. 2026-07-10 01:25 UTCGHSA enrichment
  5. 2026-07-09 21:44 UTCEG score recompute
  6. 2026-07-09 21:43 UTCGHSA enrichment
  7. 2026-07-09 19:06 UTCEPSS rescore
  8. 2026-07-09 18:03 UTCEG score recompute
  9. 2026-07-09 18:03 UTCGHSA enrichment
  10. 2026-07-09 14:24 UTCEG score recompute
  11. 2026-07-09 14:23 UTCGHSA enrichment
  12. 2026-07-09 10:42 UTCEG score recompute
  13. 2026-07-09 10:42 UTCGHSA enrichment
  14. 2026-07-09 07:03 UTCEG score recompute
  15. 2026-07-09 07:03 UTCGHSA enrichment
  16. 2026-07-09 03:23 UTCEG score recompute
  17. 2026-07-09 03:23 UTCGHSA enrichment
  18. 2026-07-08 23:42 UTCEG score recompute
  19. 2026-07-08 23:42 UTCGHSA enrichment
  20. 2026-07-08 20:03 UTCEG score recompute
  21. 2026-07-08 20:03 UTCGHSA enrichment
  22. 2026-07-08 16:23 UTCEG score recompute
  23. 2026-07-08 16:23 UTCGHSA enrichment
  24. 2026-07-08 15:11 UTCEPSS rescore
  25. 2026-07-08 12:42 UTCEG score recompute
  26. 2026-07-08 12:42 UTCGHSA enrichment
  27. 2026-07-08 09:02 UTCEG score recompute
  28. 2026-07-08 09:02 UTCGHSA enrichment
  29. 2026-07-08 05:22 UTCEG score recompute
  30. 2026-07-08 05:22 UTCGHSA enrichment
  31. 2026-07-08 01:41 UTCEG score recompute
  32. 2026-07-08 01:41 UTCGHSA enrichment
  33. 2026-07-07 22:00 UTCEG score recompute
  34. 2026-07-07 22:00 UTCGHSA enrichment
  35. 2026-07-07 19:01 UTCCISA KEV update
  36. 2026-07-07 18:21 UTCEG score recompute
  37. 2026-07-07 18:20 UTCGHSA enrichment
  38. 2026-07-07 17:16 UTCCISA KEV update
  39. 2026-07-07 14:38 UTCEG score recompute
  40. 2026-07-07 14:38 UTCGHSA enrichment
  41. 2026-07-07 13:43 UTCEPSS rescore
  42. 2026-07-07 10:56 UTCEG score recompute
  43. 2026-07-07 10:56 UTCGHSA enrichment
  44. 2026-07-07 07:17 UTCEG score recompute
  45. 2026-07-07 07:17 UTCGHSA enrichment
  46. 2026-07-07 03:37 UTCEG score recompute
  47. 2026-07-07 03:36 UTCGHSA enrichment
  48. 2026-07-06 23:56 UTCEG score recompute
  49. 2026-07-06 23:56 UTCGHSA enrichment
  50. 2026-07-06 20:16 UTCEG score recompute
  51. 2026-07-06 20:15 UTCGHSA enrichment
  52. 2026-07-06 16:34 UTCEG score recompute
  53. 2026-07-06 16:34 UTCGHSA enrichment
  54. 2026-07-06 16:25 UTCEPSS rescore
  55. 2026-07-06 16:25 UTCEPSS rescore
  56. 2026-07-06 12:54 UTCEG score recompute
  57. 2026-07-06 12:53 UTCGHSA enrichment
  58. 2026-07-06 09:13 UTCEG score recompute
  59. 2026-07-06 09:13 UTCGHSA enrichment
  60. 2026-07-06 05:32 UTCEG score recompute
  61. 2026-07-06 05:32 UTCGHSA enrichment
  62. 2026-07-06 02:20 UTCEPSS rescore
  63. 2026-07-06 01:53 UTCEG score recompute
  64. 2026-07-06 01:53 UTCGHSA enrichment
  65. 2026-07-05 22:13 UTCEG score recompute
  66. 2026-07-05 22:13 UTCGHSA enrichment
  67. 2026-07-05 18:32 UTCEG score recompute
  68. 2026-07-05 18:32 UTCGHSA enrichment
  69. 2026-07-05 14:52 UTCEG score recompute
  70. 2026-07-05 14:52 UTCGHSA enrichment
  71. 2026-07-05 11:10 UTCEG score recompute
  72. 2026-07-05 11:10 UTCGHSA enrichment
  73. 2026-07-05 07:30 UTCEG score recompute
  74. 2026-07-05 07:30 UTCGHSA enrichment
  75. 2026-07-05 03:48 UTCEG score recompute

Publicly available exploits

(3 references)

Working exploit code is in the public domain (1 Metasploit module) (2 GitHub PoCs). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

  • GitHub PoCmr-r3b00t/CVE-2019-18988
    First seen Jul 13, 2020

    TeamViewer Store Credentials Decryption

    Open source ↗
  • GitHub PoCreversebrain/CVE-2019-18988
    First seen Jul 1, 2020
    Open source ↗
  • Metasploitpost/windows/gather/credentials/teamviewer_passwords✓ verified
    First seen Jan 1, 2019

    Windows Gather TeamViewer Passwords

    Open source ↗

Frequently asked(6)

What is CVE-2019-18988?
CVE-2019-18988 is a high vulnerability published on February 7, 2020. TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the…
When was CVE-2019-18988 disclosed?
CVE-2019-18988 was first published in the National Vulnerability Database on February 7, 2020, with the most recent update on November 7, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2019-18988 actively exploited?
Yes. CISA added CVE-2019-18988 to the Known Exploited Vulnerabilities catalog on November 3, 2021, affecting TeamViewer Desktop. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.
What is the CVSS score of CVE-2019-18988?
CVE-2019-18988 has a CVSS v3 base score of 7.0 (NVD). EchelonGraph synthesises NVD + CISA KEV + FIRST EPSS + GHSA into a combined EG score of 9.0.
Which products are affected by CVE-2019-18988?
CVE-2019-18988 affects TeamViewer Desktop. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.
How do I remediate CVE-2019-18988?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2019-18988, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2019-18988

Explore →

Is Your Infrastructure Affected by CVE-2019-18988?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.