The Argus Cyber Security Research team reported both issues to Anydesk, who verified their validity and then fixed them according to the following timeline:Īugust 2021 – Issues were discovered and verified on relevant versions Such malware could be used in a subsequent attack to compromise the victim’s computer. If an attacker can persuade an innocent victim to connect to the same remote computer, the attacker can plant the malicious file in the victim’s filesystem without the knowledge of the victim. The ThreatĪssume an attacker opens an Anydesk session connecting to a remote computer that contains a malicious file. Under certain circumstances, if Person A copies a file from the remote computer to his/her local machine, the same file will be copied to Person B’s local machine (to the ~/Downloads// directory) without any prompt or approval from Person B. Let’s assume two people are connected to the same remote Anydesk session. CVE-2021-44426: A malicious file can be planted in an unsuspecting victim’s computer The Issue Additionally, the attacker would have access to the Anydesk tunneling communication stack of the corporate worker. The attacker would potentially be able to compromise the service listening to the port, and possibly advance further within the “secure” corporate network and access sensitive data. If he does so while connecting to a non-secure network (e.g., he is connected to a café hotspot), an attacker connected to the same café hotspot would have direct access to the corporate remote server via the exposed tunneled port. Let’s assume a corporate worker uses the Anydesk tunneling feature to connect to a remote server within his organizational network and proceeds to interact with an internal service using the tunneled port.
The AnyDesk software on the connecting client listens for connections to the tunnel on all interfaces: The issue pertains to configuring a TCP tunnel to a remote AnyDesk device, e.g.: CVE-2021-44425: Tunneling socket unnecessarily binds to default route The Issue This post describes both security issues and their potential impact on anyone using the AnyDesk tunneling service.
Anydesk is a remote desktop application that has amassed popularity and market share in recent years with the growing adoption of remote work models.ĭuring routine work with Anydesk, Argus’ research team stumbled upon & reported two security flaws (aka CVEs) that could possibly impact users.
0 kommentar(er)
