
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

AnyDesk 7.0.8 allows remote Denial of Service. • https://anydesk.com/cve/2023-26509 https://anydesk.com/en/downloads/windows https://gist.github.com/Fastor01/161211a8aef1278d942c551fd2065ca5 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the AnyDesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port). • https://anydesk.com/en/downloads/windows https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim. • https://anydesk.com/en/downloads/windows https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there. AnyDesk version 7.0.9 suffers from an arbitrary file write vulnerability via a symlink attack. • http://anydesk.com http://packetstormsecurity.com/files/167608/AnyDesk-7.0.9-Arbitrary-File-Write-Denial-Of-Service.html http://seclists.org/fulldisclosure/2022/Jul/9 https://seclists.org/fulldisclosure/2022/Jun/44 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications. • https://anydesk.com/cve/2021-40854 • CWE-269: Improper Privilege Management •