Описание
An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.
Ссылки
- Release Notes
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
8.2 High
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.
Уязвимость программного обеспечения для удалённого доступа и управления AnyDesk, связанная с ошибками обработки разрешений, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
8.2 High
CVSS3