AnyDesk Privilege Escalation Vulnerability (Oct 2021) - Windows CVE-2021-40854

Severity
CVSSv3 Score: 7.8
Vulnerability description

AnyDesk is prone to a privilege escalation vulnerability.

Risk description

AnyDesk for Windows allows for a local escalation of privileges through the UI. When a connection has been accepted, the user can click the Open Chat Log link in the connection window. This opens Notepad with escalated privileges. The user can then use the File -> Open... dialog to start any application as administrator. In this way, a user with restricted privileges can use AnyDesk to obtain administrator privileges. Note: the vulnerability cannot be exploited remotely because AnyDesk blocks remote interaction with the chat window.

Recommendation

Update to version 6.2.6, 6.3.3 or later.
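
The recommendation names two fixed releases, one per branch, so a single "at least 6.2.6" comparison would wrongly pass 6.3.0 through 6.3.2. The following is an added example, not part of the original advisory or of any vendor tooling: it triages an installed-version inventory against those two releases. The host names and version strings are constructed, and treating any build outside the 6.2 and 6.3 branches as fixed only when it is 6.3.3 or later is an assumption drawn from the "or later" wording.

```python
import re

# Fixed releases named in the Recommendation, keyed by (major, minor) branch.
FIXED_BY_BRANCH = {(6, 2): (6, 2, 6), (6, 3): (6, 3, 3)}
NEWEST_FIXED = max(FIXED_BY_BRANCH.values())


def parse_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text or "")
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def needs_update(version_text):
    """True: below the fixed release; False: fixed; None: cannot tell."""
    version = parse_version(version_text)
    if version is None:
        return None
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is not None:
        # Compare only against the fix for this build's own branch.
        return version < fixed
    # Assumption: other branches count as fixed only from 6.3.3 onwards.
    return version < NEWEST_FIXED


def triage(inventory):
    """Map each host to 'update', 'ok' or 'review' (unparseable version)."""
    labels = {True: "update", False: "ok", None: "review"}
    return {host: labels[needs_update(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (host -> installed AnyDesk version string).
    sample = {
        "ws-001": "6.2.3",
        "ws-002": "6.2.6",
        "ws-003": "6.3.0",   # newer than 6.2.6 but still below 6.3.3
        "ws-004": "6.3.3.0",
        "ws-005": "5.5.3",
        "ws-006": "unknown",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as "review" carry a version string the parser could not read and need a manual check rather than being assumed patched.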

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Oct 14, 2021
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available