CVE-2024-52940: 
AnyDesk vulnerability analysis and mitigation

A zero-day vulnerability (CVE-2024-52940) was discovered in AnyDesk software through version 8.1.0 on Windows systems. The vulnerability exists in the 'Allow Direct Connections' feature, which when enabled, inadvertently exposes a public IP address within network traffic. To exploit this vulnerability, an attacker only needs to know the victim's AnyDesk ID. The flaw was discovered by security researcher Ebrahim Shafiei on October 27, 2024 (Security Online, GitHub POC).

The vulnerability occurs when the 'Allow Direct Connections' feature is enabled and the connection port is set to 7070 on the attacker's system. This configuration allows an attacker to retrieve the public IP address of a target using only their AnyDesk ID, without requiring any configuration changes on the target system. Additionally, if both systems are on the same network, the attacker can also obtain the target's private IP address. The vulnerability has been assigned a CVSS base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating high severity (NVD).

The vulnerability exposes sensitive IP information of the target system, which can be identified through network sniffing on the attacker's system. This exposure poses significant privacy risks, particularly when security configurations are insufficiently protected in remote access tools. The leaked IP addresses could potentially be used for further attacks, including targeted phishing campaigns, denial-of-service attacks, or to pinpoint a user's physical location (Security Online).

Currently, there is no official fix or patch available from AnyDesk to address this vulnerability. As a temporary workaround, users are advised to disable the 'Allow Direct Connections' feature until a security update is released (Cyber Security News).