Anydesk
CVE-2020-13160
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
AnalysisAI
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-134. AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. Affected products include: Anydesk. Version information: before 5.5.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYS
Anydesk versions up to 5.4.0 contains a vulnerability that allows attackers to potentially inject malicious executables
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerabilit
AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Cha
AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate cli
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. Rated high severity (CVSS 7.8),
AnyDesk 7.0.8 allows remote Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl
Denial-of-service in AnyDesk allows a local attacker with low-privileged code execution to crash or destabilize the appl
AnyDesk's 'Send Support Information' feature is exploitable by local low-privileged attackers via a Windows junction (di
AnyDesk Link Following Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low
An issue was discovered in AnyDesk through 9.0.4. Rated high severity (CVSS 8.2), this vulnerability is remotely exploit
Same weakness CWE-134 – Use of Externally-Controlled Format String
View allShare
External POC / Exploit Code
Leaving vuln.today