Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-44426

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.

Published

2022-09-12T21:15:09.127

Last Modified

2024-11-21T06:30:56.913

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	anydesk	anydesk	< 6.2.6	Yes
Application	anydesk	anydesk	< 6.3.3	Yes

References

https://anydesk.com/en/downloads/windows Product, Vendor Advisory ([email protected])
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ Exploit, Third Party Advisory ([email protected])
https://anydesk.com/en/downloads/windows Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)