CVE-2020-13160
Description
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Ratings
Attacker Value: Low
Exploitability: Medium
Technical Analysis
The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a specially crafted discovery packet, an attacker can corrupt the front end process when it loads or refreshes. While the discovery service is always running, the GUI frontend must be started to trigger the vulnerability. On successful exploitation, code is executed within the context of the user who started the AnyDesk GUI.
The public PoC works out of the box on Ubuntu 18.04 x64 but requires some work to update the target for newer versions of Ubuntu and other versions of Linux such as Fedora. While the exploit seems reasonably stable for the first exploitation attempt, the GUI becomes unresponsive and subsequent attempts require restarting the service `sudo systemctl restart anydesk` and restarting the GUI.
A legitimate discovery frame can be sent to a target host to trigger a response. This can be used by an attacker to verify that the service is running, leak the hostname, and determine the operating system.
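The bug class described above, as an added example that is not AnyDesk's code and not part of the original assessment: C code showing how a front end can render a string received from the network with a constant format, plus a check that flags strings containing printf conversions. The function names and the choice of a peer name as the untrusted field are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if s contains a printf conversion: a '%' that is not part of "%%". */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

/*
 * Hardened rendering of a peer-supplied name (hypothetical helper).
 * The bug class is passing the peer's bytes as the format itself:
 *     snprintf(out, outlen, peer_name);
 * Here the format is a constant and the peer data is only an argument.
 * Returns 0 on success, -1 if the label was truncated or on error.
 */
int render_peer_label(char *out, size_t outlen, const char *peer_name)
{
    int n = snprintf(out, outlen, "Peer: %s", peer_name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, not captured from real traffic. */
    const char *samples[] = { "build-server-01", "disk 100%% full", "%p.%p.%n" };
    char label[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (render_peer_label(label, sizeof label, samples[i]) != 0)
            continue;
        printf("%-24s flagged=%d\n", label, has_format_directive(samples[i]));
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn about the non-constant format call shown in the comment.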