Anydesk
CVE-2017-14397
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.
AnalysisAI
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. Affected products include: Anydesk. Version information: before 3.6.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execut
AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYS
Anydesk versions up to 5.4.0 contains a vulnerability that allows attackers to potentially inject malicious executables
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own
AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Cha
AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate cli
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. Rated high severity (CVSS 7.8),
AnyDesk 7.0.8 allows remote Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl
Denial-of-service in AnyDesk allows a local attacker with low-privileged code execution to crash or destabilize the appl
AnyDesk's 'Send Support Information' feature is exploitable by local low-privileged attackers via a Windows junction (di
AnyDesk Link Following Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low
An issue was discovered in AnyDesk through 9.0.4. Rated high severity (CVSS 8.2), this vulnerability is remotely exploit
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today