CVE-2020-35483 : Security Advisory and Response
Learn about CVE-2020-35483, a vulnerability in AnyDesk before 6.1.0 on Windows allowing attackers to compromise local user accounts via a Trojan horse file. Find mitigation steps here.
AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows the attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file.
Understanding CVE-2020-35483
AnyDesk vulnerability on Windows systems that can lead to compromising local user accounts.
What is CVE-2020-35483?
AnyDesk software, specifically versions before 6.1.0, running in portable mode on Windows, is susceptible to exploitation by attackers with write access to the application directory.
The Impact of CVE-2020-35483
The vulnerability enables attackers to compromise local user accounts through a malicious gcapi.dll file.
Technical Details of CVE-2020-35483
AnyDesk vulnerability details and affected systems.
Vulnerability Description
Attackers with write access to the application directory can compromise local user accounts using a read-only setting for a Trojan horse gcapi.dll file.
Affected Systems and Versions
- AnyDesk versions before 6.1.0 on Windows
Exploitation Mechanism
- Attacker needs write access to the application directory
- Utilizes a read-only setting for a malicious gcapi.dll file
Mitigation and Prevention
Protecting systems from CVE-2020-35483.
Immediate Steps to Take
- Update AnyDesk to version 6.1.0 or newer
- Restrict write access to the application directory
- Implement file integrity monitoring
Long-Term Security Practices
- Regularly update software and applications
- Conduct security audits and penetration testing
Patching and Updates
- Apply patches and updates promptly to mitigate known vulnerabilities