Executive Summary

The vulnerability CVE-2016-20094 in AnyDesk 2.5.0 is an unquoted service path issue. This means the Windows service installed by AnyDesk does not have its executable path enclosed in quotes. Because of this, a local attacker can place malicious executables in certain system directories, such as the system root path. When the service starts or the system reboots, these malicious executables can be run with SYSTEM-level privileges, allowing the attacker to execute arbitrary code with high-level access.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows a local user with limited privileges to escalate their privileges to SYSTEM level, which is the highest level of access on a Windows system. By exploiting the unquoted service path, an attacker can execute arbitrary code with SYSTEM privileges during service startup or system reboot. This can lead to full control over the affected system, unauthorized access to sensitive data, installation of persistent malware, and potential disruption of system operations.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in the AnyDesk service installation on Windows systems. Specifically, you need to verify if the service path for AnyDesk is not enclosed in quotation marks, which allows for privilege escalation.

• Use the command: sc qc AnyDesk to query the service configuration and check the binary path.
• Alternatively, use PowerShell to list services and their paths, for example: Get-WmiObject win32_service | where {$_.name -eq 'AnyDesk'} | select PathName
• Inspect the output to see if the path to the executable is unquoted and contains spaces, which indicates vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately ensure that the service path for AnyDesk is properly quoted to prevent execution of malicious code.

You should update AnyDesk to a version later than 2.5.0 where this issue is fixed or manually correct the service path.

• Edit the service path to enclose it in quotation marks using the registry or sc config command.
• Remove any suspicious executables from the system root directory that could be exploited.
• Restrict local user permissions to prevent unauthorized file placement in system directories.

Reboot the system after applying these changes to ensure the corrected service path is used.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows local attackers to escalate privileges to SYSTEM level by exploiting an unquoted service path in AnyDesk 2.5.0. This unauthorized privilege escalation could lead to unauthorized access or control over sensitive systems and data.

Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive personal and health information.

However, the provided information does not explicitly mention the direct impact on compliance frameworks.

Useful 0 Not Useful 0