Proof-of-Concept Exploit for AnyDesk Vulnerability (CVE-2024-12754)
Summary
Exploitation of this vulnerability could allow an attacker to read arbitrary files, including stored credentials.
Affected platforms
The following platforms are known to be affected:
Threat details
Proof-of-concept of CVE-2024-12754 published
A security researcher has released a proof-of-concept (PoC) exploit for this vulnerability. Exploitation is considered more likely.
Introduction
A proof-of-concept exploit has been released for CVE-2024-12754, an information disclosure vulnerability in AnyDesk, a remote desktop app that allows users to work easily across different devices.
The flaw exists in the handling of background images. A local attacker with the ability to execute low-privileged code can abuse the service to read arbitrary files, and can leverage this to disclose stored credentials, leading to further compromise.
Remediation advice
Affected organisations are encouraged to read the ZDI advisory ZDI-24-1711 and update AnyDesk to version 9.0.1 as soon as practicable.
Definitive source of threat updates
Last edited: 11 February 2025 3:21 pm