CVE-2021-44426

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://anydesk.com/en/downloads/windows	Product Vendor Advisory
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:anydesk:anydesk::::::windows::*
	cpe:2.3:a:anydesk:anydesk::::::windows::*

History

16 Sep 2022, 15:09

Type	Values Removed	Values Added
References	~~(MISC) https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ -~~	(MISC) https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ - Exploit, Third Party Advisory
References	~~(MISC) https://anydesk.com/en/downloads/windows -~~	(MISC) https://anydesk.com/en/downloads/windows - Product, Vendor Advisory
CPE		cpe:2.3:a:anydesk:anydesk::::::windows::*
CWE		CWE-434
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8

12 Sep 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-12 21:15

Updated : 2024-02-04 22:51

NVD link : CVE-2021-44426

Mitre link : CVE-2021-44426

CVE.ORG link : CVE-2021-44426

JSON object : View

Products Affected

anydesk

anydesk

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2021-44426", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-09-12T21:15:09.127", "references": [{"url": "https://anydesk.com/en/downloads/windows", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim."}, {"lang": "es", "value": "Se ha detectado un problema en AnyDesk versiones anteriores a 6.2.6 y versiones 6.3.x anteriores a 6.3.5. Es posible subir un archivo arbitrario al directorio local ~/Downloads/ de la v\u00edctima si \u00e9sta usa el cliente Windows de AnyDesk para conectarse a una m\u00e1quina remota, si un atacante tambi\u00e9n es conectado remotamente con AnyDesk a la misma m\u00e1quina remota. La carga es realizada sin ninguna aprobaci\u00f3n o acci\u00f3n por parte de la v\u00edctima"}], "lastModified": "2022-09-16T15:09:37.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C5CA60F4-25B6-44E9-997F-AD1CF9C7B34C", "versionEndExcluding": "6.2.6"}, {"criteria": "cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C55E8126-92A0-4739-BB65-5F72B771EA58", "versionEndExcluding": "6.3.3", "versionStartIncluding": "6.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}