Unauthorized Access via Open Listening Port in AnyDesk Remote Application
CVE-2021-44425

6.5 MEDIUM

Key Information:

Vendor: AnyDesk

Status
Vendor
CVE Published: 12 September 2022

What is CVE-2021-44425?

AnyDesk before version 6.2.6, and 6.3.x before 6.3.3, can inadvertently open a listening port when the tunneling feature is used. An attacker on the same Local Area Network (LAN) can use that port to gain unauthorized access to the affected machine's tunneling protocol stack. Consequently, any software listening on an AnyDesk tunneled port may also be exposed to exploitation. The flaw shows why remote access tools need to be secured so that they do not become unauthorized entry points into sensitive local machine environments.
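A defender can check both conditions described above: whether an installed version falls in the affected ranges, and whether the AnyDesk process owns a listener bound to a LAN-reachable address. The following is an added example, not vendor code; it assumes a Linux host, `ss -H -tlnp` output, and a process named `anydesk`, and the sample lines are constructed.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:5901 0.0.0.0:* users:(("anydesk",pid=1402,fd=44))
LISTEN 0 128 127.0.0.1:5902 0.0.0.0:* users:(("anydesk",pid=1402,fd=45))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=611,fd=14))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=800,fd=4))
"""


def is_affected(version: str) -> bool:
    """True for the ranges the advisory names: < 6.2.6, or 6.3.x < 6.3.3."""
    parts = tuple(int(p) for p in version.split("."))
    v = (parts + (0, 0, 0))[:3]  # pad "6.3" to (6, 3, 0)
    return v < (6, 2, 6) or (6, 3, 0) <= v < (6, 3, 3)


def lan_reachable_listeners(ss_output: str, process: str = "anydesk"):
    """Return (address, port) for each listener owned by `process` that is
    bound to a non-loopback address, i.e. reachable from the adjacent network.
    The process name is an assumption; adjust it for the local install."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        owner = re.search(r'users:\(\("([^"]+)"', " ".join(fields[5:]))
        if owner is None or owner.group(1).lower() != process:
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        # "*" is ss's wildcard bind; everything else parses as an IP address.
        if host != "*" and ipaddress.ip_address(host).is_loopback:
            continue
        findings.append((host, int(port)))
    return findings


if __name__ == "__main__":
    print("6.3.2 affected:", is_affected("6.3.2"))
    for host, port in lan_reachable_listeners(SAMPLE_SS):
        print(f"review: anydesk listening on {host}:{port}")
```

The listing only identifies candidates for review; whether a flagged port belongs to a tunnel has to be confirmed against the tunnels configured on that host.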

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved