{"id":332,"date":"2021-10-18T09:51:21","date_gmt":"2021-10-18T09:51:21","guid":{"rendered":"https:\/\/labs.redyops.com\/?p=332"},"modified":"2021-10-19T05:56:45","modified_gmt":"2021-10-19T05:56:45","slug":"anydesk-escalation-of-privilege-cve-2021-40854","status":"publish","type":"post","link":"https:\/\/labs.redyops.com\/index.php\/2021\/10\/18\/anydesk-escalation-of-privilege-cve-2021-40854\/","title":{"rendered":"AnyDesk Escalation of Privilege (CVE-2021-40854)"},"content":{"rendered":"
<\/a><\/a><\/a><\/a><\/a><\/a><\/a><\/a><\/a><\/a><\/a><\/div><\/div>\n\n\n\n

Summary<\/strong><\/h1>\n\n\n\n

Assigned CVE<\/strong>: CVE-2021-40854<\/em> has been assigned for the report of RedyOps Labs.<\/p>\n\n\n\n

Known to Neurosoft’s RedyOps Labs since<\/strong>: 20\/07\/2021<\/p>\n\n\n\n

Exploit<\/strong> Code<\/strong>: N\/A<\/p>\n\n\n\n

Vendor’s Advisory<\/strong>: https:\/\/anydesk.com\/cve\/2021-40854\/ <\/a><\/p>\n\n\n\n

An Elevation of Privilege (EoP) exists in AnyDesk for Windows from versions 3.1.0 to 6.3.2 (excluding 6.2.6). The vulnerability described gives the ability to a low privileged user to gain access as NT AUTHORITY\\SYSTEM. <\/p>\n\n\n\n

The exploitation took place in an installed version of AnyDesk .<\/p>\n\n\n\n

Description<\/strong><\/h1>\n\n\n\n

When someone asks to perform a connection to your AnyDesk, the User Interface (UI) which is presented in order for you to accept the connection and specify the permissions, runs as NT AUTHORITY\\SYSTEM.<\/p>\n\n\n\n

In this same UI, you can open the chat log, by pressing the “Open Chat Log”. The notepad which opens, runs as NT AUTHORITY\\SYSTEM . <\/p>\n\n\n\n

The escalation from that point is trivial, as presented in the following video.<\/p>\n\n\n\n

Exploitation<\/strong><\/h1>\n\n\n\n

In order to Exploit the issue, no special program is needed . <\/p>\n\n\n\n

Video PoC Step By Step<\/strong><\/h1>\n\n\n\n
\n