Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
AnyDesk 7.0.15 - Unquoted Service Path - exploit.company
header-logo
Suggest Exploit
vendor:
AnyDesk
by:
Milad Karimi (Ex3ptionaL)
6.1
CVSS
HIGH
Unquoted Service Path
428
CWE
Product Name: AnyDesk
Affected Version From: 7.0.15
Affected Version To: 7.0.15
Patch Exists: NO
Related CWE:
CPE: a:anydesk:anydesk:7.0.15
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 Pro x64
2024

AnyDesk 7.0.15 – Unquoted Service Path

AnyDesk version 7.0.15 installs a service with an unquoted service path that runs with SYSTEM privileges. This vulnerability could be exploited by an authorized non-privileged local user to execute arbitrary code with elevated privileges on the system.

Mitigation:

To mitigate this vulnerability, the service path for AnyDesk should be quoted properly. Ensure that all services have properly quoted paths to prevent unauthorized code execution.
Source

Exploit-DB raw data:

# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path
# Date: 2024-04-01
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Vendor Homepage: http://anydesk.com
# Software Link: http://anydesk.com/download
# Version: Software Version 7.0.15
# Tested on: Windows 10 Pro x64

1. Description:

The Anydesk installs as a service with an unquoted service path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.

2. Proof

C:\>sc qc anydesk
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: anydesk
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
--service
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AnyDesk Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem


C:\>systeminfo

OS Name:  Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation

Navigation

Suggest Exploit

Services By CQR