CVE-2024-12754
Published: 30 December 2024
Summary
CVE-2024-12754 is a medium-severity Link Following (CWE-59) vulnerability in AnyDesk (vendor: AnyDesk). Its CVSS base score is 5.5 (Medium).
Operationally, it ranks in the top 10.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-12754 is a link-following information disclosure vulnerability in AnyDesk. The flaw resides in the application's handling of background images, where improper resolution of junctions allows a local process to redirect file reads performed by the AnyDesk service. Successful exploitation grants read access to arbitrary files on the system, including stored credentials.
An attacker who already possesses the ability to run low-privileged code on the target host can create a junction pointing to a sensitive file and trigger the background-image processing path. This action causes the AnyDesk service to disclose the file contents, enabling the attacker to obtain credentials that may facilitate further privilege escalation or lateral movement. The vulnerability carries a CVSS v3 score of 5.5 and is tracked as ZDI-CAN-23940.
The single published reference points to the Zero Day Initiative advisory ZDI-24-1711, which describes the issue but supplies no additional mitigation details in the available data. The associated EPSS scores remain low, with a current value of 0.0449 and a peak of 0.0500, indicating no significant post-disclosure rise in observed exploitation activity.
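The bug class described above (CWE-59: a privileged service resolving a path through a junction that a low-privileged user placed in a writable location) is mitigated by refusing to follow links while resolving the path. The Python below is an added example, not AnyDesk's code or the vendor's fix: it lstat's every path component, rejects symlinks and, on Windows, reparse points (which junctions are), and opens the final component with O_NOFOLLOW where the platform has it. The directory layout, file names, secret value and the helpers `open_no_follow` and `demo` are constructed for the demonstration; the symlink stands in for a junction so the scenario also runs on POSIX.

```python
import os
import stat
import tempfile
from pathlib import Path

def _prefixes(abs_path):
    """Return every ancestor of abs_path, root first, ending with the path itself."""
    chain = []
    p = abs_path
    while True:
        chain.append(p)
        parent = os.path.dirname(p)
        if parent == p:          # reached "/" or the drive root
            break
        p = parent
    return reversed(chain)

def open_no_follow(path):
    """Open read-only, failing closed if any component is a symlink or
    (on Windows) a junction/reparse point, instead of reading through it."""
    abs_path = os.path.abspath(path)
    reparse = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)
    for prefix in _prefixes(abs_path):
        st = os.lstat(prefix)                          # lstat never follows
        attrs = getattr(st, "st_file_attributes", 0)   # Windows only
        if stat.S_ISLNK(st.st_mode) or attrs & reparse:
            raise PermissionError(f"refusing to follow link at {prefix}")
    # The walk is check-then-use; O_NOFOLLOW (POSIX) / FILE_FLAG_OPEN_REPARSE_POINT (Windows) close the race for the last component.
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_BINARY", 0)
    return os.fdopen(os.open(abs_path, flags), "rb")

def demo():
    """Constructed scenario: a user-writable image directory holding a real
    image and a link named like an image that points at a secret file."""
    with tempfile.TemporaryDirectory() as d:
        d = os.path.realpath(d)           # macOS: /var is itself a symlink
        secret = os.path.join(d, "secret.txt")
        Path(secret).write_text("password=hunter2")   # constructed secret
        real = os.path.join(d, "wallpaper.png")
        Path(real).write_bytes(b"\x89PNG")
        linked = os.path.join(d, "wallpaper2.png")
        os.symlink(secret, linked)        # stands in for a junction here
        with open_no_follow(real) as f:
            real_ok = f.read() == b"\x89PNG"
        try:
            open_no_follow(linked)
            link_blocked = False
        except PermissionError:
            link_blocked = True
        return {"real_ok": real_ok, "link_blocked": link_blocked}
```

The component walk alone still leaves a time-of-check/time-of-use window, which is why the final open also passes the no-follow flag; running the image loader without elevated privileges removes the value of the redirect entirely.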
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51089
Vulnerability details
AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940.
- CWE(s): CWE-59 (Link Following)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.