CVE-2024-52940

{"id": "CVE-2024-52940", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-18T05:15:05.200", "references": [{"url": "https://download.anydesk.com/changelog.txt", "source": "cve@mitre.org"}, {"url": "https://github.com/ebrasha/abdal-anydesk-remote-ip-detector", "source": "cve@mitre.org"}, {"url": "https://x.com/ProfShafiei/status/1850856458017009830", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID."}, {"lang": "es", "value": "AnyDesk hasta la versi\u00f3n 8.1.0 en Windows, cuando est\u00e1 habilitada la opci\u00f3n Permitir conexiones directas, expone inadvertidamente una direcci\u00f3n IP p\u00fablica dentro del tr\u00e1fico de la red. El atacante debe conocer el ID de AnyDesk de la v\u00edctima."}], "lastModified": "2024-11-18T17:11:17.393", "sourceIdentifier": "cve@mitre.org"}