CVE-2019-18988

HIGH KEV

TeamViewer Desktop <14.7.1965 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2019-18988 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 2 public exploits from researchers including mr-r3b00t, reversebrain.

AI-analyzed exploit summary The repository contains only a minimal README with a title and brief description of CVE-2019-18988, but no exploit code, technical details, or functional proof-of-concept. It appears to be a placeholder or incomplete submission.

Description

TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.

Exploits (2)

nomisec STUB 3 stars

by mr-r3b00t · local

https://github.com/mr-r3b00t/CVE-2019-18988

View Code ZIP pw:eip

The repository contains only a minimal README with a title and brief description of CVE-2019-18988, but no exploit code, technical details, or functional proof-of-concept. It appears to be a placeholder or incomplete submission.

Classification

Stub 90%

Attack Type

Info Leak

Complexity

Theoretical

Reliability

Theoretical

Target: TeamViewer (version not specified)

No auth needed

devstral-2 · analyzed Feb 19, 2026 Full analysis →

nomisec WORKING POC 2 stars

by reversebrain · local

https://github.com/reversebrain/CVE-2019-18988

View Code ZIP pw:eip

This PoC decrypts a hardcoded TeamViewer password from the Windows registry using AES-CBC decryption, demonstrating an information leak vulnerability. The script extracts the password from a registry key and decrypts it using a static key and IV.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: TeamViewer Version 7

Auth required

Prerequisites: Access to the Windows registry key 'HKLM\SOFTWARE\WOW6432Node\TeamViewer\Version7'

MITRE ATT&CK

T1552.002 - Credentials in Registry

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Broken Link, Vendor Advisory x_refsource_misc

https://community.teamviewer.com/t5/Knowledge-Base/tkb-p/Knowledgebase?threadtype=label&labels=Security

Exploit, Third Party Advisory x_refsource_misc

https://whynotsecurity.com/blog/teamviewer/

Third Party Advisory x_refsource_misc

https://twitter.com/Blurbdust/status/1224212682594770946?s=20

Vendor Advisory x_refsource_misc

https://community.teamviewer.com/t5/Announcements/Specification-on-CVE-2019-18988/td-p/82264

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-18988

Scores

CVSS v3 7.0

EPSS 0.0475

EPSS Percentile 90.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact partial

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-8642

CWE

CWE-521

Status published

Products (1)

teamviewer/teamviewer < 14.7.1965

Published Feb 07, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026