CVE-2021-44425

Name of the Vulnerable Software and Affected Versions AnyDesk versions prior to 6.2.6 AnyDesk versions 6.3.x prior to 6.3.3

Description An issue was discovered in the AnyDesk software, where an unnecessarily open listening port is created on a machine in the LAN of an attacker when the tunneling feature is used by the AnyDesk Windows client. This allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack and any remote destination machine software listening to the AnyDesk tunneled port.

Recommendations For AnyDesk versions prior to 6.2.6, update to version 6.2.6 or later to resolve the issue. For AnyDesk versions 6.3.x prior to 6.3.3, update to version 6.3.3 or later to resolve the issue. As a temporary workaround, consider disabling the tunneling feature until a patch is available. Restrict access to the AnyDesk tunneling protocol stack to minimize the risk of exploitation.