COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2019-18988

CVE-2019-18988

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2021-11-03
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-18988
⌖ exploited in the wild shame 50/100 exploited-in-wild

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of t

Players implicated

TeamViewer · vendorDesktop · product

Description

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system).

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.