CVE-2021-44426

Опубликовано: 12 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.

Ссылки

https://anydesk.com/en/downloads/windows
Product
Vendor Advisory
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/
Exploit
Third Party Advisory
https://anydesk.com/en/downloads/windows
Product
Vendor Advisory
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*

Версия до 6.2.6 (исключая)

cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*

Версия от 6.3.0 (включая) до 6.3.3 (исключая)

EPSS

Процентиль: 63%

0.0045

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-2r63-v4pm-8j7g