Vulnerabilities > CVE-2021-44425 - Unspecified vulnerability in Anydesk

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

anydesk

NVD

Published: 2022-09-12

Updated: 2022-09-16

Summary

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).

Vulnerable Configurations

Part	Description	Count
Application	Anydesk Anydesk Anydesk 6.3.1 Anydesk Anydesk 6.3.2 Anydesk Anydesk - Anydesk Anydesk 5.4.2 Anydesk Anydesk 6.0.8 Anydesk Anydesk 6.1.0	6

References

https://anydesk.com/en/downloads/windows
https://argus-sec.com/discovering-tunneling-service-security-flaws-in-anydesk-remote-application/