header-logo
Suggest Exploit
vendor:
AnyDesk
by:
Milad Karimi (Ex3ptionaL)
6.1
CVSS
HIGH
Unquoted Service Path
428
CWE
Product Name: AnyDesk
Affected Version From: 7.0.15
Affected Version To: 7.0.15
Patch Exists: NO
Related CWE:
CPE: a:anydesk:anydesk:7.0.15
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 Pro x64
2024

AnyDesk 7.0.15 – Unquoted Service Path

AnyDesk version 7.0.15 installs a service with an unquoted service path that runs with SYSTEM privileges. This vulnerability could be exploited by an authorized non-privileged local user to execute arbitrary code with elevated privileges on the system.

Mitigation:

To mitigate this vulnerability, the service path for AnyDesk should be quoted properly. Ensure that all services have properly quoted paths to prevent unauthorized code execution.
Source

Exploit-DB raw data:

# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path
# Date: 2024-04-01
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Vendor Homepage: http://anydesk.com
# Software Link: http://anydesk.com/download
# Version: Software Version 7.0.15
# Tested on: Windows 10 Pro x64

1. Description:

The Anydesk installs as a service with an unquoted service path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.

2. Proof

C:\>sc qc anydesk
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: anydesk
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
--service
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AnyDesk Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem


C:\>systeminfo

OS Name:  Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation