Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-12754
CVE-2024-12754:
AnyDesk vulnerability analysis and mitigation
Overview
AnyDesk Link Following Information Disclosure Vulnerability (CVE-2024-12754) is a security flaw discovered in AnyDesk remote administration software. The vulnerability allows local attackers with low-privileged code execution capabilities to disclose sensitive information on affected installations. The flaw was discovered by security researcher Naor Hodorov and was coordinated through Trend Micro's Zero Day Initiative. The vulnerability was disclosed on December 19, 2024, after being initially reported on July 24, 2024 (Zero Day Initiative).
Technical details
The vulnerability exists within the handling of background images in AnyDesk. The specific flaw involves an elevated arbitrary file read/copy operation performed by the AnyDesk service running as NT AUTHORITY\SYSTEM. When a session is initiated, AnyDesk copies the user's background image into the C:\Windows\Temp directory using system privileges. The vulnerability has been assigned a CVSS v3.0 base score of 5.5 (MEDIUM) with the vector string CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access requirements with high confidentiality impact (Zero Day Initiative, Security Online).
Impact
The vulnerability allows attackers to disclose stored credentials and potentially gain complete control of the system. By exploiting this flaw, attackers can read arbitrary files and access sensitive system files such as SAM, SYSTEM, and SECURITY, which are typically only accessible by system administrators. This access could lead to the extraction of user credentials and further system compromise (GBHackers, Security Online).
Mitigation and workarounds
The vulnerability has been patched in AnyDesk version v9.0.1. Users are strongly encouraged to update to the latest version to protect against potential attacks. Until patching is possible, administrators should restrict access to AnyDesk installations, particularly on high-value systems, regularly monitor and secure the C:\Windows\Temp directory, and consider disabling Volume Shadow Copies if not in use (GBHackers).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management