An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).
References
Link | Resource |
---|---|
https://anydesk.com/en/downloads/windows | Product Vendor Advisory |
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-12T20:47:38
Updated: 2022-09-12T20:47:38
Reserved: 2021-11-29T00:00:00
Link: CVE-2021-44425
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-12T21:15:09.070
Modified: 2022-09-16T15:01:03.477
Link: CVE-2021-44425
JSON object: View
Redhat Information
No data.
CWE