CVE-2024-12754 in AnyDesk
Summary
by MITRE • 12/30/2024
AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 08/14/2025
The CVE-2024-12754 vulnerability represents a critical information disclosure flaw within AnyDesk remote desktop software that enables local attackers to access sensitive system data through improper handling of background image processing. This vulnerability specifically affects installations where the service processes background images without adequate validation mechanisms, creating a pathway for unauthorized file access. The flaw manifests when the application fails to properly sanitize file paths during background image operations, allowing malicious actors to manipulate the system's file handling routines through crafted junction points.
The technical implementation of this vulnerability stems from insufficient input validation and improper access control mechanisms within AnyDesk's background image processing functionality. When the service attempts to handle background images, it creates a junction point that can be exploited by attackers who have already gained low-privileged code execution capabilities on the target system. This represents a classic case of improper privilege management and inadequate file system access controls, aligning with CWE-284 which addresses improper access control issues. The vulnerability operates through a path traversal mechanism that allows attackers to bypass normal file system restrictions and read arbitrary files from the system.
The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with the ability to access stored credentials and sensitive system data that could lead to further compromise. Attackers can leverage this vulnerability to escalate privileges or move laterally within a network by accessing credential files, configuration data, or other sensitive information stored on the system. This vulnerability directly impacts the principle of least privilege and could enable attackers to establish persistence within the target environment. The threat model aligns with ATT&CK technique T1074 which covers data staging and T1566 which covers credential access through exploitation of software vulnerabilities.
Mitigation strategies for CVE-2024-12754 should focus on implementing proper input validation and access control measures within the AnyDesk service. Organizations should ensure that background image processing routines properly validate all file paths and implement strict access controls to prevent unauthorized file access. System administrators should apply the latest security patches provided by AnyDesk vendors and implement network segmentation to limit the potential impact of such vulnerabilities. Additional protective measures include monitoring for suspicious file access patterns, implementing privilege separation for service operations, and conducting regular security assessments of remote desktop software installations. The vulnerability demonstrates the importance of secure coding practices and proper file system access controls in preventing information disclosure attacks that could compromise entire network infrastructures.