CVE-2021-44426
N/A
N/A
Summary
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://anydesk.com/en/downloads/windows
- https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/
References
- https://anydesk.com/en/downloads/windows
- https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.