Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-44425

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).

Published

2022-09-12T21:15:09.070

Last Modified

2024-11-21T06:30:56.727

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	anydesk	anydesk	< 6.2.6	Yes
Application	anydesk	anydesk	< 6.3.3	Yes

References

https://anydesk.com/en/downloads/windows Product, Vendor Advisory ([email protected])
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ Exploit, Third Party Advisory ([email protected])
https://anydesk.com/en/downloads/windows Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)