PT-2021-22984 · Anydesk · Anydesk
Published: 2021-10-14 · Updated: 2021-10-20 · CVE-2021-40854
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AnyDesk versions 6.2.x through 6.2.5
AnyDesk versions 6.3.x through 6.3.2
Description
The issue allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.
Recommendations
For AnyDesk versions 6.2.x through 6.2.5, update to version 6.2.6 or later.
For AnyDesk versions 6.3.x through 6.3.2, update to version 6.3.3 or later.
Fix
LPE
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Anydesk