AnyDesk SoftwarePatching for Windows Mac Linux
CVE Vulnerabilities for AnyDesk
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2023‑26509 | 2023‑07‑03 15:15:10 | HIGH (8) | AnyDesk 7.0.8 allows remote Denial of Service. | 4 | 4 | NETWORK |
| CVE‑2022‑32450 | 2022‑07‑18 13:15:10 | HIGH (7) | AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there. | 2 | 5 | LOCAL |
| CVE‑2021‑44426 | 2022‑09‑12 21:15:09 | HIGH (9) | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim. | 3 | 6 | NETWORK |
| CVE‑2021‑44425 | 2022‑09‑12 21:15:09 | MEDIUM (7) | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port). | 3 | 4 | ADJACENT_NETWORK |
| CVE‑2021‑40854 | 2021‑10‑14 05:15:08 | HIGH (8) | AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications. | 2 | 6 | LOCAL |
| CVE‑2020‑35483 | 2021‑01‑11 15:15:13 | HIGH (8) | AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. | 2 | 6 | LOCAL |
| CVE‑2020‑27614 | 2020‑12‑09 00:15:13 | HIGH (8) | AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. | 2 | 6 | LOCAL |
| CVE‑2020‑13160 | 2020‑06‑09 17:15:10 | CRITICAL (10) | AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | 4 | 6 | NETWORK |
| CVE‑2018‑13102 | 2018‑07‑03 16:29:00 | MEDIUM (7) | AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. | 0 | 0 | NETWORK |
| CVE‑2017‑14397 | 2017‑09‑12 21:29:00 | HIGH (8) | AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. | 0 | 0 | NETWORK |
What applications does Lavawall® monitor?
Lavawall monitors patches for over 7,500 applications. This is a summary of the most popular applications.Click here for the full list.
Click the applications below for the current version and known vulnerabilities.
Logos are property of their respective trademark holders and are not affiliated with ThreeShield or Lavawall. We have not audited the security of most of the listed tools.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.