CVE-2021-44426

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://anydesk.com/en/downloads/windows	Product Vendor Advisory
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:anydesk:anydesk::::::windows::*
	cpe:2.3:a:anydesk:anydesk::::::windows::*

History

16 Sep 2022, 15:09

Type	Values Removed	Values Added
CWE		CWE-434
First Time		Anydesk Anydesk anydesk
CPE		cpe:2.3:a:anydesk:anydesk::::::windows::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~(MISC) https://anydesk.com/en/downloads/windows -~~	(MISC) https://anydesk.com/en/downloads/windows - Product, Vendor Advisory
References	~~(MISC) https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ -~~	(MISC) https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/ - Exploit, Third Party Advisory

12 Sep 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-12 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2021-44426

Mitre link : CVE-2021-44426

CVE.ORG link : CVE-2021-44426

JSON object : View

Products Affected

anydesk

anydesk

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2021-44426", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-09-12T21:15:09.127", "references": [{"url": "https://anydesk.com/en/downloads/windows", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim."}, {"lang": "es", "value": "Se ha detectado un problema en AnyDesk versiones anteriores a 6.2.6 y versiones 6.3.x anteriores a 6.3.5. Es posible subir un archivo arbitrario al directorio local ~/Downloads/ de la v\u00edctima si \u00e9sta usa el cliente Windows de AnyDesk para conectarse a una m\u00e1quina remota, si un atacante tambi\u00e9n es conectado remotamente con AnyDesk a la misma m\u00e1quina remota. La carga es realizada sin ninguna aprobaci\u00f3n o acci\u00f3n por parte de la v\u00edctima"}], "lastModified": "2022-09-16T15:09:37.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C5CA60F4-25B6-44E9-997F-AD1CF9C7B34C", "versionEndExcluding": "6.2.6"}, {"criteria": "cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C55E8126-92A0-4739-BB65-5F72B771EA58", "versionEndExcluding": "6.3.3", "versionStartIncluding": "6.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}