// For flags

CVE-2022-32450

AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.

AnyDesk versión 7.0.9, permite a un usuario local conseguir privilegios de SYSTEM por medio de un enlace simbólico, ya que el usuario puede escribir en su propia carpeta %APPDATA% (usada para ad.trace y el chat), pero el producto es ejecutado como SYSTEM cuando son escritos allí los datos de la sala de chat

AnyDesk version 7.0.9 suffers from an arbitrary file write vulnerability via a symlink attack.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-06-05 CVE Reserved
  • 2022-06-28 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Anydesk
Search vendor "Anydesk"
Anydesk
Search vendor "Anydesk" for product "Anydesk"
7.0.9
Search vendor "Anydesk" for product "Anydesk" and version "7.0.9"
-
Affected