Low
CVE-2020-13160
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2020-13160
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Add Assessment
Ratings
-
Attacker ValueLow
-
ExploitabilityMedium
Technical Analysis
The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a specially
crafted discovery packet, an attacker can corrupt the front end process when it loads or refreshes. While the
discovery service is always running, the GUI frontend must be started to trigger the vulnerability. On
successful exploitation, code is executed within the context of the user who started the AnyDesk GUI.
The public PoC works out of the box on Ubuntu 18.04 x64 but requires some work to update the target for newer versions of Ubuntu and other versions of Linux such as Fedora. While the exploit seems reasonably stable for the first exploitation attempt, the GUI becomes unresponsive and subsequent attempts require restarting the service sudo systemctl restart anydesk
and restarting the GUI.
A legitimate discovery frame can be sent to a target host to trigger a response. This can be used by an attacker to verify that the service is running, leak the hostname, and determine the operating system.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- anydesk
Products
- anydesk
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: