Exploitation of this vulnerability could allow an attacker to read arbitrary files, including stored credentials

Threat ID:CC-4615

Threat Severity:Medium

Published:11 February 2025 3:21 PM

Summary

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 9.0.1

AnyDesk

Threat details

Proof-of-concept of CVE-2024-12754 published

A security researcher has released a proof-of-concept (PoC) exploit for this vulnerability. Exploitation is considered more likely.

Introduction

A proof-of-concept exploit has been released for an information disclosure vulnerability CVE-2024-12754 in AnyDesk, which is a remote desktop app that allows users to work easily across different devices.

The specific flaw in the vulnerability CVE-2024-12754 exists in the handling of background images. A local attacker with the ability to execute low-privileged code can abuse the service to read arbitrary files and leverage this vulnerability to disclose stored credentials, leading to further compromise.

Remediation advice

Affected organisations are encouraged to read the ZDI advisory ZDI-24-1711 and update AnyDesk to version 9.0.1 as soon as practicable.

Definitive source of threat updates

https://www.zerodayinitiative.com/advisories/ZDI-24-1711/

CVE Vulnerabilities

StatusPublished

CVE-2024-12754AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940.

Last edited: 11 February 2025 3:21 pm