CVE-2020-35483 - OpenCVE

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Anydesk	Anydesk

Configuration 1 [-]

cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*

References

Link	Resource
https://anydesk.com/cve/2020-35483/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-11T14:33:43

Updated: 2021-01-11T14:33:43

Reserved: 2020-12-17T00:00:00

Link: CVE-2020-35483

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-11T15:15:13.187

Modified: 2021-01-20T02:49:26.047

Link: CVE-2020-35483

JSON object: View

Redhat Information

No data.

CWE

CWE-427

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*", "matchCriteriaId": "45469812-8D00-41E1-8657-2E3EA3553D46", "versionEndExcluding": "6.1.0", "versionStartIncluding": "5.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file."}, {"lang": "es", "value": "AnyDesk versiones anteriores a 6.1.0 en Windows, cuando se ejecuta en modo port\u00e1til en un sistema donde el atacante presenta acceso de escritura al directorio de la aplicaci\u00f3n, permite a este atacante comprometer una cuenta de usuario local por medio de una configuraci\u00f3n de solo lectura para un archivo gcapi.dll de tipo caballo de Troya"}], "id": "CVE-2020-35483", "lastModified": "2021-01-20T02:49:26.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-11T15:15:13.187", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://anydesk.com/cve/2020-35483/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}