AnyDesk is a remote desktop application that has amassed popularity and market share in recent years with the growing adoption of remote work models.

During routine work with AnyDesk, Argus' research team stumbled upon and reported two security flaws (aka CVEs) that could possibly impact users. This post describes both security issues and their potential impact on anyone using the AnyDesk tunneling service.

CVE-2021-44425: Tunneling socket unnecessarily binds to default route

The Issue

The issue pertains to configuring a TCP tunnel to a remote AnyDesk device, e.g.:

The AnyDesk software on the connecting client listens for connections to the tunnel on all interfaces:

Let's assume a corporate worker uses the AnyDesk tunneling feature to connect to a remote server within his organizational network and proceeds to interact with an internal service using the tunneled port. If he does so while connecting to a non-secure network (e.g., he is connected to a café hotspot), an attacker connected to the same café hotspot would have direct access to the corporate remote server via the exposed tunneled port. The attacker would potentially be able to compromise the service listening to the port, and possibly advance further within the "secure" corporate network and access sensitive data. Additionally, the attacker would have access to the AnyDesk tunneling communication stack of the corporate worker.

CVE-2021-44426: A malicious file can be planted in an unsuspecting victim's computer

The Issue

Let's assume two people are connected to the same remote AnyDesk session.
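A defensive check for the CVE-2021-44425 condition described above, as an added example that is not part of the original post or AnyDesk's own code: it parses `ss -H -ltnp` output and reports TCP listeners owned by the AnyDesk process that are bound to anything other than loopback. The process name `anydesk`, the function names and the sample lines are assumptions constructed for illustration; the check also flags binds to a specific non-loopback address, which goes slightly beyond the all-interfaces case in the text.

```python
import ipaddress
import re

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("anydesk",pid=4121,fd=31))
LISTEN 0 128 127.0.0.1:3390 0.0.0.0:* users:(("anydesk",pid=4121,fd=33))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=802,fd=4))
LISTEN 0 128 192.168.1.23:8443 0.0.0.0:* users:(("anydesk",pid=4121,fd=35))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=655,fd=7))
"""

# First process name in the ss "users:" column.
PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def classify_bind(addr: str) -> str:
    """Return 'loopback', 'all-interfaces' or 'specific-interface'."""
    host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %scope
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific-interface"


def exposed_listeners(ss_output: str, process: str = "anydesk"):
    """List (port, bind_class) for the process's non-loopback TCP listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        m = PROC_RE.search(line)
        if not m or m.group(1) != process:  # assumed process name
            continue
        addr, _, port = fields[3].rpartition(":")
        kind = classify_bind(addr)
        if kind != "loopback":
            findings.append((int(port), kind))
    return findings


if __name__ == "__main__":
    for port, kind in exposed_listeners(SAMPLE_SS):
        print(f"tunnel listener on port {port} is bound to {kind}")
```

On a live host, feed it the output of `ss -H -ltnp` run with enough privilege to see process names; lines without a process column are skipped.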
1 Comment
1/16/2024 05:48:31 pm
Software-defined vehicles leverage advanced computing and software technologies to transform traditional automobiles into intelligent, connected platforms. These vehicles rely on programmable software to control various functions, including navigation, safety features, and performance optimization. Through over-the-air updates, manufacturers can enhance capabilities, address security concerns, and introduce new features without physical modifications. This approach facilitates rapid innovation, adaptability to changing needs, and the integration of emerging technologies, shaping the future of transportation with dynamic, customizable, and connected driving experiences.