Attacker Value
Low
0

CVE-2020-13160

Disclosure Date: June 09, 2020

Exploitability

(1 user assessed) Moderate
Attack Vector
Network
Privileges Required
None
User Interaction
None

Description

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

Add Assessment

2
Ratings
  • Attacker Value
    Low
  • Exploitability
    Medium
Technical Analysis

The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a specially
crafted discovery packet, an attacker can corrupt the front end process when it loads or refreshes. While the
discovery service is always running, the GUI frontend must be started to trigger the vulnerability. On
successful exploitation, code is executed within the context of the user who started the AnyDesk GUI.

The public PoC works out of the box on Ubuntu 18.04 x64 but requires some work to update the target for newer versions of Ubuntu and other versions of Linux such as Fedora. While the exploit seems reasonably stable for the first exploitation attempt, the GUI becomes unresponsive and subsequent attempts require restarting the service sudo systemctl restart anydesk and restarting the GUI.

A legitimate discovery frame can be sent to a target host to trigger a response. This can be used by an attacker to verify that the service is running, leak the hostname, and determine the operating system.

General Information

Additional Info

Technical Analysis