PT-2024-8638 · Anydesk · Anydesk

Ebrahim Shafiei +1 · Published 2024-11-17 · Updated 2025-03-11 · CVE-2024-52940

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: AnyDesk versions 8.1.0 and lower
Description: The issue is related to the "Allow Direct Connections" feature of the AnyDesk remote desktop software, which inadvertently exposes a public IP address within network traffic when enabled. An attacker must know the victim's AnyDesk ID to exploit this issue. This may allow a remote attacker to disclose protected information about the IP address of the target system.
Recommendations: For AnyDesk versions 8.1.0 and lower, consider disabling the "Allow Direct Connections" feature until a patch is available. Restrict access to the affected feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2024-10229
CVE-2024-52940

Affected Products

Anydesk