AnyDesk Vulnerability CVE-2024-12754 Allows Privilege Escalation
Critical vulnerability in AnyDesk allows privilege escalation. Security researcher Naor Hodorov has identified a significant vulnerability, CVE-2024-12754, in AnyDesk, a widely used remote administration tool, that could let a low-privileged user gain elevated access and potentially take control of a system. The flaw arises from the AnyDesk service’s ability to perform arbitrary file operations with system-level privileges, allowing attackers to overwrite sensitive files in the C:\Windows\Temp directory. This could lead to unauthorized access to critical system files and user credentials. AnyDesk has released a patch in v9.0.1, and users are urged to update promptly to mitigate the risk. A Proof-of-Concept exploit is available on GitHub for those interested in the technical aspects of the vulnerability.
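
To act on the update advice, the following PowerShell check reports whether a host's AnyDesk is older than the fixed v9.0.1. It is an added example, not code from the article, the researcher or AnyDesk. It assumes the service binary path contains "AnyDesk" and that installed copies appear under the standard Windows uninstall keys with a DisplayName starting "AnyDesk"; the function names are hypothetical.

```powershell
# Added example: flag AnyDesk copies older than the fixed release named in the article.
$FixedVersion = [version]'9.0.1'   # patched version, taken from the article

function ConvertTo-Version {
    param([string]$Text)
    # Pull the first dotted numeric run out of strings such as "ad 8.0.8" or "9.0.1.0".
    if ($Text -match '(\d+(?:\.\d+){1,3})') { return [version]$Matches[1] }
    return $null
}

function Get-PatchStatus {
    param($Version)
    if ($null -eq $Version)            { 'unknown' }
    elseif ($Version -lt $FixedVersion) { 'VULNERABLE' }
    else                                { 'patched' }
}

$findings = @()

# 1) Services whose binary path mentions AnyDesk (assumption: the path contains "AnyDesk").
#    The flaw is in the service, so the service binary is the version that matters.
Get-CimInstance Win32_Service | Where-Object { $_.PathName -match 'AnyDesk' } | ForEach-Object {
    # PathName may be quoted and carry arguments; keep only the executable path.
    $exe = if ($_.PathName -match '^"?(.+?\.exe)') { $Matches[1] } else { $null }
    $ver = $null
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $ver = ConvertTo-Version (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    }
    $findings += [pscustomobject]@{
        Source = 'service'; Location = $exe; Version = $ver; Status = Get-PatchStatus $ver
    }
}

# 2) Installed copies recorded under the standard uninstall keys (64-bit and 32-bit views).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'AnyDesk*' } | ForEach-Object {
        $ver = ConvertTo-Version $_.DisplayVersion
        $findings += [pscustomobject]@{
            Source = 'uninstall key'; Location = $_.PSPath; Version = $ver
            Status = Get-PatchStatus $ver
        }
    }

if ($findings.Count -eq 0) { 'No AnyDesk service or installation found on this host.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Portable copies that were never installed as a service are not covered by either check and need a separate file search.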
