Unrated severityNVD Advisory· Published Jul 18, 2022· Updated Aug 3, 2024
CVE-2022-32450
CVE-2022-32450
Description
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.
Affected products
2Patches
Vulnerability mechanics
References
4- anydesk.commitrex_refsource_MISC
- packetstormsecurity.com/files/167608/AnyDesk-7.0.9-Arbitrary-File-Write-Denial-Of-Service.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2022/Jul/9mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2022/Jun/44mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.