CVE-2024-12754

Published Dec 30, 2024

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-12754 is a vulnerability in the AnyDesk remote administration software that allows local attackers to escalate their privileges on affected Windows systems. It stems from how the AnyDesk service manages background images during remote sessions: the service copies the user's background image to the `C:\Windows\Temp` directory with `NT AUTHORITY\SYSTEM` privileges. By manipulating this copy operation, for example with a junction, an attacker who can run low-privileged code on the system can potentially read arbitrary files. This could lead to the disclosure of sensitive information, such as stored credentials, which could be used for further compromise. The vulnerability has been patched in AnyDesk version 9.0.1.

Description
AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940.
Source: zdi-disclosures@trendmicro.com
NVD status: Received

Risk scores

CVSS 3.0

Type: Secondary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

zdi-disclosures@trendmicro.com: CWE-59

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 29

  1. Penetration/POCs/CVE-2024-12754 at main · CICADA8-Research/Penetration · GitHub https://t.co/qvlPRCGLEy

    @N0tus3rF0und

    11 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔥 Critical Alert! CVE-2024-12754 in AnyDesk Exposes Credentials and Sensitive Data https://t.co/ypKSD44gpj

    @tpx_Security

    11 Feb 2025

    73 Impressions

    2 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. 🚨Alert🚨 CVE-2024-12754 : AnyDesk Link Following Information Disclosure Vulnerability 🔥PoC:https://t.co/Z1vBUyrH6A 📊 13K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/8S4JiFmCQP 👇Query HUNTER : https://t.co/q9rtuGgxk7="AnyDesk" FOFA :…

    @HunterMapping

    11 Feb 2025

    3028 Impressions

    15 Retweets

    51 Likes

    23 Bookmarks

    0 Replies

    0 Quotes

  4. Vulnerability in AnyDesk CVE-2024-12754 https://t.co/ZmgMTgsOx8

    @ishowcybersec

    10 Feb 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. AnyDesk vulnerability PoC available https://t.co/Rx2bfHGilO CVE-2024-12754 https://t.co/Aj4PENSGcD https://t.co/W3XAOFtdZD

    @elhackernet

    10 Feb 2025

    53474 Impressions

    197 Retweets

    740 Likes

    416 Bookmarks

    5 Replies

    10 Quotes

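  6. A PoC (proof-of-concept attack code) for the AnyDesk privilege escalation vulnerability CVE-2024-12754 has been published. It shows that sensitive files such as SAM, SYSTEM and SECURITY can be stolen. https://t.co/NjWbaU8oFs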

    @__kokumoto

    10 Feb 2025

    2164 Impressions

    6 Retweets

    23 Likes

    12 Bookmarks

    1 Reply

    0 Quotes

  7. AnyDesk Exploit Alert: CVE-2024-12754 Enables Privilege Escalation—PoC Available https://t.co/7nE1OxAbHt

    @samilaiho

    10 Feb 2025

    876 Impressions

    2 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  8. 🏷️ AnyDesk Privilege Escalation Vulnerability | ⚠️ Medium 🔖 CVE-2024-12754 | CVSS: 5.5 (Medium) 📅 Timeline: Disclosure 2024-04-02 | Patch 9.0.1 📌 MITRE ATT&CK: Privilege Escalation (T1068) 📝 Technical Overview Base Metrics: AV:L/AC:L/AT:N/PR:L/UI:N/S:U/C:L/I:L/A:N…

    @syedaquib77

    10 Feb 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Top 5 Trending CVEs: 1 - CVE-2024-12754 2 - CVE-2025-23369 3 - CVE-2024-46982 4 - CVE-2025-23419 5 - CVE-2025-20124 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    10 Feb 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. AnyDesk Exploit Alert: CVE-2024-12754 Enables Privilege Escalation—PoC Available - https://t.co/J5TBdWnx6D #CyberSecurity #CyberSecurityAwareness #cybersecuritytips #Hacking #devopsprofessional #sysadmin #BusinessOwner

    @HugoValters

    10 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  11. AnyDesk Exploit Alert: CVE-2024-12754 Enables Privilege Escalation—PoC Available https://t.co/FG2xFyrHWx

    @Dinosn

    10 Feb 2025

    11141 Impressions

    106 Retweets

    281 Likes

    94 Bookmarks

    0 Replies

    0 Quotes

  12. AnyDesk Exploit Alert: CVE-2024-12754 Enables Privilege Escalation—PoC Available Discover the security flaw, CVE-2024-12754, found in #AnyDesk. Find out how this vulnerability could grant unauthorized access and complete control of a system https://t.co/pNocwoQ7NN

    @the_yellow_fall

    10 Feb 2025

    564 Impressions

    1 Retweet

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-12754: AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk PoC https://t.co/XiBmXekQ7v https://t.co/EEKgia6qK3

    @cyber_advising

    10 Feb 2025

    1361 Impressions

    4 Retweets

    24 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  14. Penetration/POCs/CVE-2024-12754 at main · CICADA8-Research/Penetration · GitHub - https://t.co/fpr3Lx62b7

    @piedpiper1616

    9 Feb 2025

    555 Impressions

    2 Retweets

    4 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  15. Vulnerability CVE-2024-12754 identified in AnyDesk #Cyber_Security_News #اخبار_امنیت_سایبری #CVE_2024_12754 #AnyDesk https://t.co/hR7Yq5vli1

    @vulnerbyte

    9 Feb 2025

    46 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

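  16. AnyDesk local privilege escalation vulnerability (CVE-2024-12754). A vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\SYSTEM privileges. The vulnerability can be exploited by manipulating the background image, creating a symbolic link and using ShadowCopy, giving access to the SAM, SYSTEM and SECURITY files and ultimately escalating privileges to administrator. https://t.co/M5xMSvpzZe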

    @flag_1snOt_here

    9 Feb 2025

    475 Impressions

    0 Retweets

    6 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  17. Hi friends, Recently @mansk1es presented his research about LPE in AnyDesk (CVE-2024-12754). Our team developed a POC on this vulnerability😀 Check it here: https://t.co/WPbwiUbLsS https://t.co/gzFdfzucc0

    @CICADA8Research

    9 Feb 2025

    7769 Impressions

    43 Retweets

    151 Likes

    55 Bookmarks

    0 Replies

    0 Quotes

  18. Vulnerability discovered in the AnyDesk tool. Update your AnyDesk tool. A vulnerability identified as CVE-2024-12754, of the privilege escalation type, has recently been published for AnyDesk, a tool used by many companies and users to connect remotely to systems.

    @cybernetic_cy

    8 Feb 2025

    96 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Update your AnyDesk tool. A vulnerability identified as CVE-2024-12754, of the privilege escalation type, has recently been published for AnyDesk, a tool used by many companies and users to connect remotely to systems. https://t.co/Poz3aKY03t https://t.co/PEhSS7K8TN

    @AmirHossein_sec

    7 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. A recent vulnerability in AnyDesk (CVE-2024-12754), a remote desktop software, allows exploiting the handling of Windows background images to gain unauthorized access to confidential system files, making it possible to escalate privileges to admin level. 🧉 htt

    @MarquisioX

    6 Feb 2025

    39 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

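  21. A local privilege escalation vulnerability in AnyDesk via weaponized Windows wallpaper. CVE-2024-12754 had already been fixed on 2024/7/24. When a session starts, the user's wallpaper is copied under C:\Windows\Temp, and SYSTEM privileges are used for that copy. https://t.co/eWw2VwhpEo If a target is set up cleverly in that directory… https://t.co/nDCY8MYTZe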

    @__kokumoto

    6 Feb 2025

    3225 Impressions

    15 Retweets

    46 Likes

    19 Bookmarks

    0 Replies

    1 Quote

  22. Weaponizing Windows Background Images to Gain Admin Access Read More: https://t.co/kF1PubLgcw The vulnerability identified by CVE-2024-12754 and tracked by ZDI-24-1711 allows local attackers to exploit the handling of Windows background images.

    @gbhackers_news

    6 Feb 2025

    139 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  23. Check out my new blog post, "Weaponizing Background Images for Information Disclosure and LPE" where I walk through the AnyDesk vuln I found a few months ago (CVE-2024-12754/ZDI-24-1711): https://t.co/Tv5y645wAn

    @mansk1es

    5 Feb 2025

    2576 Impressions

    11 Retweets

    37 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  24. CVE-2024-12754 AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of … https://t.co/7EjddcLhWW

    @CVEnew

    30 Dec 2024

    388 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes