Information Disclosure Vulnerability in AnyDesk
CVE-2024-12754

Currently unrated

Key Information:

Vendor
Anydesk
Status
Anydesk
Vendor
CVE Published:
30 December 2024

Badges

Trending now | Trended No. 1 | Trended | Score: 7,660 | Exploit Exists | News Worthy

What is CVE-2024-12754?

CVE-2024-12754 is a vulnerability identified in AnyDesk, a remote desktop software used for remote access and online collaboration. This information disclosure vulnerability enables local attackers to access sensitive information within affected installations of AnyDesk. If exploited, it may result in unauthorized access to stored credentials, which could lead to further security breaches and data compromise within an organization.

Technical Details

The vulnerability stems from improper handling of background images in AnyDesk. An attacker who has already gained the ability to execute low-privileged code on the target machine can create a junction and abuse the service to read arbitrary files. The flaw lies in the mechanisms that manage background images, which gives the attacker a path to unauthorized information retrieval.

Potential impact of CVE-2024-12754

  1. Unauthorized Information Disclosure: This vulnerability can facilitate the disclosure of sensitive information, including user credentials, putting the organization at risk of unauthorized access to critical systems.

  2. Increased Risk of Further Compromise: With disclosed credentials, attackers can potentially gain higher privileges or access additional sensitive data, exacerbating the impact on organizational security.

  3. Reputational Damage: In the event of a breach resulting from this vulnerability, organizations may experience significant reputational harm, leading to a loss of customer trust and potential financial implications.

Affected Version(s)

AnyDesk 8.0.9.0

News Articles

PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers

According to cybersecurity researcher Naor Hodorov, the flaw lies in how AnyDesk processes desktop background images during session initialization.

2 days ago

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released

A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious cybersecurity concerns.

2 days ago

Weaponizing Windows Background Images to Gain Admin Access Using AnyDesk Vulnerability

A recently disclosed vulnerability in AnyDesk, a widely used remote desktop software, has raised significant cybersecurity concerns.

6 days ago

Timeline

  • Vulnerability reached the number 1 worldwide trending spot

  • Vulnerability started trending

  • Exploit known to exist

  • First article discovered by CybersecurityNews

  • Vulnerability published