CVE-2021-40854

Published: Oct 14, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.

Affected (2)

Products: Anydesk: Anydesk

Anydesk

1 product

Anydesk

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Anydesk Anydesk	After 6.2.6 to 6.3.2
Anydesk Anydesk	From 3.1.0 to 6.2.6

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://anydesk.com/cve/2021-40854/

Source: cve@mitre.org

Vendor Advisory

https://anydesk.com/cve/2021-40854/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.