virus logo FortiClient Vulnerability

Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2021-44426 for AnyDesk

description-logoDescription

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim\'s local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.

affected-products-logoAffected Applications

AnyDesk

CVE References

CVE-2021-44426

Other References

https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/
ID 4532
Created Sep 28, 2022
Description
Updated		 Sep 28, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor AnyDesk
Patch manual
Application AnyDesk