Stack overflow

2022-09-1221:15:00

PRIOn knowledge base

www.prio-n.com

anydesk

unauthorized access

tunneling protocol

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine’s AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).

CPENameOperatorVersion
anydeskge6.3.0
anydesklt6.3.3
anydesklt6.2.6

Name	Operator	Version
anydesk	ge	6.3.0
anydesk	lt	6.3.3
anydesk	lt	6.2.6

References

anydesk.com/en/downloads/windows

argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/