Lucene search

[email protected]CVE-2021-44425

HistorySep 12, 2022 - 9:15 p.m.

CVE-2021-44425

2022-09-1221:15:09

[email protected]

web.nvd.nist.gov

cve-2021-44425

anydesk

security vulnerability

unauthorized access

tunneling protocol stack

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine’s AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).

Affected configurations

NVD

Node

anydeskanydeskRange<6.2.6windows

anydeskanydeskRange6.3.0–6.3.3windows

CPENameOperatorVersion
anydesk:anydeskanydesklt6.2.6
anydesk:anydeskanydesklt6.3.3

CPE	Name	Operator	Version
anydesk:anydesk	anydesk	lt	6.2.6
anydesk:anydesk	anydesk	lt	6.3.3

References

anydesk.com/en/downloads/windows

argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/

Social References

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

Related for CVE-2021-44425

nvd1 cvelist1 prion1 openvas1