Important AnyDesk Vulnerability Let Attackers Uncover Person IP Tackle

A important vulnerability in AnyDesk, a well-liked distant desktop utility, has been found that would permit attackers to reveal customers’ IP addresses.

The flaw, recognized as CVE-2024-52940, impacts AnyDesk variations 8.1.0 and earlier on Home windows programs.

Safety researcher Ebrahim Shafiei (EbraSha) found this vulnerability on October 27, 2024. It exploits AnyDesk’s “Enable Direct Connections” characteristic.

When this feature is enabled and the connection port is about to 7070 on the attacker’s system, it turns into potential to retrieve the general public IP deal with of a goal utilizing solely their AnyDesk ID, with none configuration modifications on the goal system.

This zero-day vulnerability poses important privateness dangers, inadvertently exposing delicate IP info inside community visitors.

Apart from this, safety analysts identified that the attackers can simply determine this info by means of community sniffing on their very own programs. Furthermore, if each the attacker and the goal are on the identical native community, the goal’s non-public IP deal with may be accessible.

Maximizing Cybersecurity ROI: Professional Ideas for SME & MSP Leaders – Attend Free Webinar

AnyDesk Vulnerability Particulars

The flaw has been formally registered as CVE-2024-52940 by the Nationwide Institute of Requirements and Expertise (NIST), Tenable, and MITRE. It has been assigned a CVSS base rating of seven.5, indicating a excessive severity stage.

Key elements of the vulnerability embrace:-

• Capability to retrieve the general public IP deal with of a distant system utilizing solely the AnyDesk ID
• Potential for personal IP detection inside native community connections
• No advanced dependencies or particular conditions required to take advantage of the vulnerability

This vulnerability raises critical issues about consumer privateness and safety. Malicious actors might doubtlessly use this flaw to:-

1. Observe consumer places
2. Launch focused assaults
3. Bypass sure security measures that depend on IP-based authentication

As of now, no official patch or fastened model from AnyDesk is out there to deal with this vulnerability. Customers are suggested to take the next precautions:

1. Disable the “Enable Direct Connections” characteristic in AnyDesk settings if not strictly obligatory
2. Monitor for any suspicious connection makes an attempt
3. Use a VPN service to masks your actual IP deal with when utilizing AnyDesk
4. Maintain AnyDesk up to date and look ahead to any safety bulletins from the corporate

AnyDesk customers ought to stay vigilant and contemplate various distant desktop options till a repair is launched. The cybersecurity neighborhood eagerly awaits an official response and patch from AnyDesk to deal with this important vulnerability.

As remote work continues to be prevalent, each customers and software program builders should prioritize safety in distant entry instruments.

Are you from SOC/DFIR Groups? – Analyse Malware Information & Hyperlinks with ANY.RUN -> Try for Free