CVE-2024-12754

Name of the Vulnerable Software and Affected Versions AnyDesk versions prior to 9.0.1

Description This issue allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this issue to disclose stored credentials, leading to further compromise. Over 13,000 services are potentially affected.

Recommendations AnyDesk versions prior to 9.0.1: Update to version 9.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the background image handling functionality to minimize the risk of exploitation.