CVE-2019-18988 — TeamViewer Desktop

TeamViewer Desktop Bypass Remote Login Vulnerability

Added to KEV

2021-11-03

Federal due date

2022-05-03

Vendor

TeamViewer

Product

Desktop

EPSS

92.0th percentile (score 0.076, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2019-18988

CISA short description

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system).

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.