U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): AnyDesk
  • Search Type: Search All
  • CPE Name Search: false
There are 10 matching records.
Displaying matches 1 through 10.
Vuln ID Summary CVSS Severity

AnyDesk 7.0.8 allows remote Denial of Service.

Published: July 03, 2023; 11:15:10 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.

Published: September 12, 2022; 5:15:09 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).

Published: September 12, 2022; 5:15:09 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.

Published: July 18, 2022; 9:15:10 AM -0400
V4.0:(not available)
V3.1: 7.1 HIGH
V2.0:(not available)

AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.

Published: October 14, 2021; 1:15:07 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file.

Published: January 11, 2021; 10:15:13 AM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM

AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.

Published: December 08, 2020; 7:15:13 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

Published: June 09, 2020; 1:15:10 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.

Published: July 03, 2018; 12:29:00 PM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM

AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.

Published: September 12, 2017; 5:29:00 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH