CVE-2024-52940

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 18, 2024

CWE ID 532

Summary

CVE-2024-52940 is a newly disclosed vulnerability affecting AnyDesk on Windows systems. This issue allows an attacker, who is already aware of the victim's AnyDesk ID, to inadvertently expose the victim's public IP address through network traffic. When the "Allow Direct Connections" setting is enabled, the vulnerable version of AnyDesk (8.1.0 and below) sends this IP address in plaintext during data transfer, putting users at risk of unauthorized access and potential cyberattacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

AnyDesk

Affected Vendors

AnyDesk Software GmbH

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0pM6Zd
https://www.cve.org/CVERecord?id=CVE-2024-52940
https://nvd.nist.gov/vuln/detail/CVE-2024-52940

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners