CVE-2022-32450

Name of the Vulnerable Software and Affected Versions AnyDesk version 7.0.9

Description The issue allows a local user to gain SYSTEM privileges via a symbolic link. This is possible because the user can write to their own %APPDATA% folder, which is used for ad.trace and chat, but the product runs as SYSTEM when writing chat-room data there.

Recommendations For AnyDesk version 7.0.9, consider restricting access to the %APPDATA% folder to prevent users from creating symbolic links that could lead to privilege escalation. As a temporary workaround, consider disabling the chat functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.