VYPR
Unrated severityNVD Advisory· Published Jul 18, 2022· Updated Aug 3, 2024

CVE-2022-32450

CVE-2022-32450

Description

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.

Affected products

2
  • Anydesk/Anydeskcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 7.0.9

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.