exploitDog

CVE-2020-13160

Опубликовано: 09 июн. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

Ссылки

http://packetstormsecurity.com/files/158291/AnyDesk-GUI-Format-String-Write.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/161628/AnyDesk-5.5.2-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://devel0pment.de/?p=1881
Exploit
Third Party Advisory
https://download.anydesk.com/changelog.txt
Release Notes
Vendor Advisory
http://packetstormsecurity.com/files/158291/AnyDesk-GUI-Format-String-Write.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/161628/AnyDesk-5.5.2-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://devel0pment.de/?p=1881
Exploit
Third Party Advisory
https://download.anydesk.com/changelog.txt
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:*:*:*

Версия до 5.5.3 (исключая)

Одно из

cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.77942

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-134

Связанные уязвимости

GHSA-5hwp-hcwg-rrjp

github

больше 3 лет назад

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

EPSS

Процентиль: 99%

0.77942

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-134