Remote Login Access Control Bypass in TeamViewer Desktop by TeamViewer
CVE-2019-18988
Key Information:
- Vendor
Teamviewer
- Status
- Vendor
- CVE Published:
- 7 February 2020
Badges
What is CVE-2019-18988?
The TeamViewer Desktop application is susceptible to an access control bypass due to its use of a shared AES key across multiple customer installations. This flaw affects all versions from 7.0.43148 onwards, enabling an attacker with knowledge of the shared key to decrypt sensitive information, including the Unattended Access password. Even though recent versions have modified the storage mechanism for this password, attackers who can access the registry or configuration files—especially if these are stored externally—may exploit this vulnerability to gain unauthorized remote access to systems.
CISA has reported CVE-2019-18988
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2019-18988 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🦅
CISA Reported
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved