Critical AnyDesk Vulnerability Lets Attackers Uncover User IP Address


A critical vulnerability in AnyDesk, a popular remote desktop application, has been discovered that could allow attackers to expose users’ IP addresses.

The flaw, identified as CVE-2024-52940, affects AnyDesk versions 8.1.0 and earlier on Windows systems.

Security researcher Ebrahim Shafiei (EbraSha) discovered this vulnerability on October 27, 2024. It exploits AnyDesk’s “Allow Direct Connections” feature.

When this option is enabled and the connection port is set to 7070 on the attacker’s system, it becomes possible to retrieve the public IP address of a target using only their AnyDesk ID, without any configuration changes on the target system.

This zero-day vulnerability poses significant privacy risks, inadvertently exposing sensitive IP information within network traffic.

Security analysts also found that attackers can easily obtain this information through network sniffing on their own systems. Moreover, if both the attacker and the target are on the same local network, the target’s private IP address may also be accessible.

AnyDesk Vulnerability Details

The flaw has been officially registered as CVE-2024-52940 by the National Institute of Standards and Technology (NIST), Tenable, and MITRE. It has been assigned a CVSS base score of 7.5, indicating a high severity level.

Key aspects of the vulnerability include:

  • Ability to retrieve the public IP address of a remote system using only the AnyDesk ID
  • Potential for private IP detection within local network connections
  • No complex dependencies or specific prerequisites required to exploit the vulnerability

Figure: Network traffic capture using the Abdal Sniffer tool (Source – GitHub)

This vulnerability raises serious concerns about user privacy and security. Malicious actors could potentially use this flaw to:

  1. Track user locations
  2. Launch targeted attacks
  3. Bypass certain security measures that rely on IP-based authentication

As of now, no official patch or fixed version from AnyDesk is available to address this vulnerability. Users are advised to take the following precautions:

  1. Disable the “Allow Direct Connections” feature in AnyDesk settings if not strictly necessary
  2. Monitor for any suspicious connection attempts
  3. Use a VPN service to mask your real IP address when using AnyDesk
  4. Keep AnyDesk updated and watch for any security announcements from the company
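
To make the second precaution concrete, here is an added example (not from AnyDesk or the original report) that scans Windows Firewall log lines for TCP traffic on port 7070 with peers outside an approved list. It assumes firewall logging is enabled and that direct-connection traffic uses the port 7070 named above; the allowlist and the sample log lines are constructed for illustration.

```python
import ipaddress

DIRECT_PORT = "7070"  # port the article ties to "Allow Direct Connections"
# Hypothetical allowlist of approved remote-support peers (constructed).
ALLOWED = [ipaddress.ip_network("10.20.0.0/24")]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-11-20 10:01:02 ALLOW TCP 192.168.1.15 203.0.113.44 50122 7070 0 - 0 0 0 - - - SEND
2024-11-20 10:01:09 ALLOW TCP 198.51.100.7 192.168.1.15 41877 7070 0 - 0 0 0 - - - RECEIVE
2024-11-20 10:02:30 ALLOW TCP 192.168.1.15 10.20.0.8 50140 7070 0 - 0 0 0 - - - SEND
2024-11-20 10:03:11 ALLOW UDP 192.168.1.15 192.168.1.1 53111 53 0 - - - - - - - SEND
2024-11-20 10:04:45 DROP TCP 192.168.1.77 192.168.1.15 40210 7070 0 - 0 0 0 - - - RECEIVE
"""

def find_direct_connections(log_text):
    """Return TCP 7070 records whose remote peer is not on the allowlist."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if not fields or not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("protocol") != "TCP":
            continue
        if DIRECT_PORT not in (rec.get("src-port"), rec.get("dst-port")):
            continue
        # Remote peer: destination on SEND, source otherwise (RECEIVE).
        sending = rec.get("path") == "SEND"
        try:
            peer = ipaddress.ip_address(rec["dst-ip" if sending else "src-ip"])
        except (KeyError, ValueError):
            continue  # malformed line: skip rather than crash
        if any(peer in net for net in ALLOWED):
            continue
        findings.append({
            "when": f'{rec.get("date")} {rec.get("time")}',
            "action": rec.get("action"),
            "direction": "outbound" if sending else "inbound",
            "peer": str(peer),
            # Local peers count too: the article notes private IP exposure on a shared LAN.
            "scope": "local" if any(peer in n for n in RFC1918) else "public",
        })
    return findings

if __name__ == "__main__":
    for finding in find_direct_connections(SAMPLE_LOG):
        print(finding)
```

A source port that happens to be 7070 on unrelated traffic will also match, so treat findings as leads to review against known AnyDesk sessions rather than as confirmed events.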

AnyDesk users should remain vigilant and consider alternative remote desktop solutions until a fix is released. The cybersecurity community eagerly awaits an official response and patch from AnyDesk to address this critical vulnerability.

As remote work continues to be prevalent, both users and software developers must prioritize security in remote access tools.
