PT-2022-12119 · Anydesk · Anydesk
Published: 2022-09-12 · Updated: 2022-09-16 · CVE-2021-44426
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AnyDesk versions prior to 6.2.6
AnyDesk versions 6.3.x prior to 6.3.5
Description
An issue allows the upload of an arbitrary file to a victim's local ~/Downloads/ directory without approval or action taken by the victim. This occurs when the victim uses the AnyDesk Windows client to connect to a remote machine and an attacker is also connected remotely with AnyDesk to the same remote machine.
Recommendations
For versions prior to 6.2.6, update to version 6.2.6 or later.
For versions 6.3.x prior to 6.3.5, update to version 6.3.5 or later.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Anydesk