Inadvertent Exposure of Public IP Address

What is CVE-2024-52940?

CVE-2024-52940 is a vulnerability found in the AnyDesk remote desktop application, which is widely used for providing remote support and access to computers. This flaw, present in versions up to 8.1.0 on Windows when the "Allow Direct Connections" feature is enabled, leads to the inadvertent exposure of a user's public IP address in network traffic. Such exposure can have serious negative implications for organizations, as it may facilitate tracking of users, targeted attacks, and unauthorized access to systems.

Technical Details

The vulnerability arises from how AnyDesk handles network traffic while enabling direct connections between clients. When this option is in use, the application inadvertently discloses the public IP address of the connected user within the transmitted data. Attackers need knowledge of the victim's AnyDesk ID to exploit this vulnerability, which means that targeted scenarios are required for successful exploitation. The flaw exposes sensitive network information, which can be detrimental to privacy and security.

Impact of the Vulnerability

1. Increased Attack Surface: The exposure of the public IP address increases the risk of targeted attacks, making it easier for malicious actors to initiate further malicious activities against the victim's network.

2. Potential for Tracking and Surveillance: Attackers can leverage the disclosed IP address for tracking user activities or conducting reconnaissance, ultimately leading to a breach of confidentiality and privacy.

3. Facilitation of Remote Exploitation: With the public IP address known, attackers may be able to exploit other vulnerabilities or misconfigurations in the victim's network, increasing the likelihood of unauthorized access and system compromise.

References