{"vulnerability": "CVE-2024-12754", "sightings": [{"uuid": "a419aab0-0b97-433c-bd7d-d5ca528bb752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1711/", "content": "", "creation_timestamp": "2024-12-19T05:00:00.000000Z"}, {"uuid": "a59ffce3-1a67-44b5-9fb9-45cfb9ffb77e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113742818700861357", "content": "", "creation_timestamp": "2024-12-30T16:54:38.444807Z"}, {"uuid": "0700adea-edbd-433e-ad56-7e4418519d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113742833805887907", "content": "", "creation_timestamp": "2024-12-30T16:58:29.038841Z"}, {"uuid": "5ae8d0fb-9a40-4074-903b-fca1f0019d02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lhs75sxhjc2n", "content": "", "creation_timestamp": "2025-02-10T03:27:01.227549Z"}, {"uuid": "1903845f-0dc6-453c-8207-e230d6352e26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-12754", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lhsbiieek22f", "content": "", "creation_timestamp": "2025-02-10T04:08:42.805201Z"}, {"uuid": "3c710e97-9f81-4978-a9e7-5b40b1d3b47c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-12754", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lht6gbxrl5p2", "content": "", "creation_timestamp": "2025-02-10T12:46:37.571444Z"}, {"uuid": "dfa3fbc2-0652-402e-837f-928b3c9c22cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://bsky.app/profile/decrypt.lol/post/3lhtin76fce2q", "content": "", "creation_timestamp": "2025-02-10T15:49:14.119683Z"}, {"uuid": "0ab96344-a564-4900-94ce-26be0523ddd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://threatintel.cc/2025/02/10/hackers-exploit-anydesk-vulnerability-to.html", "content": "", "creation_timestamp": "2025-02-10T10:33:16.000000Z"}, {"uuid": "2c1d5fc6-7438-41c1-aa11-8a8cc18b0043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://bsky.app/profile/gothburz.bsky.social/post/3lhtr5gb2ex24", "content": "", "creation_timestamp": "2025-02-10T18:21:27.425934Z"}, {"uuid": "6b482522-efe6-4ece-9c83-b3a0bc8aa639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lhtrkyerjc26", "content": "", "creation_timestamp": "2025-02-10T18:29:03.050558Z"}, {"uuid": "8d3b1126-bab5-41ac-b10b-b500f07cd493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lp5gby2zat2z", "content": "", "creation_timestamp": "2025-05-14T16:30:09.011662Z"}, {"uuid": "1862fdfb-146b-4b9a-8ea1-8212f930abca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/113984489341458185", "content": "", "creation_timestamp": "2025-02-11T09:14:39.607461Z"}, {"uuid": "d99408f9-7f2c-433f-86db-f1261d2a045e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/113984909281375169", "content": "", "creation_timestamp": "2025-02-11T11:01:28.848638Z"}, {"uuid": "15bd3642-1c9f-42d3-9c5b-d9f0633af182", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/cKure/14325", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Weaponizing Background Images for Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711.\n\nhttps://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754", "creation_timestamp": "2025-02-14T18:49:59.000000Z"}, {"uuid": "1f998c17-1816-4f28-92b3-22ceb81d315e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/P0x3k_1N73LL1G3NC3/25", "content": "CVE-2024-12754 Anydesk LPE POC\n\nArbitrary File Read / Copy Vulnerability found in Anydesk software\n\nAbuse demo: https://youtu.be/HiOJhEpt5Vo\n\nThx: @Michaelzhm", "creation_timestamp": "2025-02-09T09:05:51.000000Z"}, {"uuid": "33feb1d8-4151-4a44-9c98-1c544a0428a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/P0x3k_1N73LL1G3NC3/14", "content": "\ud83d\uddbc AnyDesk \u2014 Local Privilege Escalation (CVE-2024-12754)\n\nA vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\\SYSTEM privileges. Exploitation is possible by manipulating the background image, creating symbolic links, and leveraging ShadowCopy, granting access to SAM, SYSTEM, and SECURITY files, ultimately leading to privilege escalation to administrator.\n\n\ud83d\udd17 Source:\nhttps://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754\n\n#windows #anydesk #lpe #cve", "creation_timestamp": "2025-02-06T13:40:17.000000Z"}, {"uuid": "38be7724-d92d-432d-be9e-bd9a4cbca7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/xatori_sec/1223", "content": "CVE-2024-12754 AnyDesk \n*\nwtf\n*\nLPE poc exploit", "creation_timestamp": "2025-02-13T17:29:46.000000Z"}, {"uuid": "34b9f98d-8735-4dca-af84-79fcdeb83122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://t.me/cvedetector/13944", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12754 - AnyDesk Background Image Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12754 \nPublished : Dec. 30, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.  \n  \nThe specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T19:18:38.000000Z"}, {"uuid": "11930426-6d40-4698-882d-1e984bf25ba5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "seen", "source": "https://t.me/ViralCyber/10788", "content": "\u26a0\ufe0f\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062e\u0637\u0631\u0646\u0627\u06a9 Anydesk ! \u0628\u0631\u0648\u0632 \u06a9\u0646\u06cc\u062f!\n\ud83d\udd34\u06cc\u06a9 \u0636\u0639\u0641 \u0627\u0645\u0646\u06cc\u062a\u06cc \u062c\u062f\u06cc\u062f \u062f\u0631 AnyDesk \u06a9\u0634\u0641 \u0634\u062f\u0647 \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u0628\u0627 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u062a\u0635\u0648\u06cc\u0631 \u067e\u0633\u200c\u0632\u0645\u06cc\u0646\u0647 \u0648\u06cc\u0646\u062f\u0648\u0632 \u062f\u0631 \u062c\u0644\u0633\u0627\u062a \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631\u060c \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u062f\u06cc\u0631 (Administrator) \u0628\u06af\u06cc\u0631\u0646\u062f! \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u062f\u0631 \u0646\u0633\u062e\u0647 9.0.1 \u0628\u0631\u0637\u0631\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a \u2013 \u0647\u0645\u06cc\u0646 \u062d\u0627\u0644\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u06a9\u0646\u06cc\u062f!\n\n\u26a1\ufe0f \u062c\u0632\u0626\u06cc\u0627\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc (CVE-2024-12754)\n\ud83d\udd34 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 AnyDesk \u062a\u0635\u0648\u06cc\u0631 \u067e\u0633\u200c\u0632\u0645\u06cc\u0646\u0647 \u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0633\u06cc\u0633\u062a\u0645\u06cc (SYSTEM) \u062f\u0631 \u0645\u0633\u06cc\u0631 C:\\Windows\\Temp \u0630\u062e\u06cc\u0631\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f.\n\ud83d\udd34 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u06cc\u0646 \u0641\u0631\u0622\u06cc\u0646\u062f \u0631\u0627 \u0631\u0647\u06af\u06cc\u0631\u06cc \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0647 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0633\u06cc\u0633\u062a\u0645\u06cc \u0645\u062b\u0644 SAM\u060c SYSTEM \u0648 SECURITY \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n\ud83d\udd34 \u0627\u06cc\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0631\u0627\u06cc \u06af\u0631\u0641\u062a\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a\u06cc \u0631\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0645\u0648\u0631\u062f \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u0628\u06af\u06cc\u0631\u0646\u062f.\n\n\u25c0\ufe0f\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062a\u0648\u0633\u0637 Naor Hodorov \u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0628\u0631\u0646\u0627\u0645\u0647 Trend Micro Zero Day Initiative \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u2709\ufe0f @PingChannel\n\u062e\u0628\u0631\u060c \u062a\u062d\u0644\u06cc\u0644\u060c \u0627\u0646\u062a\u0642\u0627\u062f - \u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a\n\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\u00a0 \ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b", "creation_timestamp": "2025-02-06T23:46:42.000000Z"}, {"uuid": "d3b38a39-47ca-49bc-836b-574b190accee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "Telegram/tvZdzXkKZ27U06jdVi__cs4wGSX_zTcNT9cWAdl0CKJ0LwWf", "content": "", "creation_timestamp": "2025-02-10T09:46:29.000000Z"}, {"uuid": "5808f80f-8ec1-4be9-9b29-5ce5179db5fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1536", "content": "Penetration/POCs/CVE-2024-12754 at main \u00b7 CICADA8-Research/Penetration \n\nhttps://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754\n\n#Tools@CyberDilara", "creation_timestamp": "2025-02-21T04:08:04.000000Z"}, {"uuid": "e2476b70-0165-45ec-81b7-b16449c379c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2514", "content": "CVE-2024-12754 AnyDesk \n*\nwtf\n*\nLPE poc exploit", "creation_timestamp": "2025-02-10T09:11:08.000000Z"}, {"uuid": "2dfd230d-500d-4f62-a9b5-7619b45a8f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8019", "content": "Penetration/POCs/CVE-2024-12754 at main \u00b7 CICADA8-Research/Penetration \n\nhttps://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754\n\n#Tools@CyberDilara", "creation_timestamp": "2025-02-25T13:04:42.000000Z"}, {"uuid": "36eba812-5bca-4e2d-91b3-2c3dc2e76903", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/cyberden_team/530", "content": "\ud83d\uddbc AnyDesk \u2014 Local Privilege Escalation (CVE-2024-12754)\n\nA vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\\SYSTEM privileges. Exploitation is possible by manipulating the background image, creating symbolic links, and leveraging ShadowCopy, granting access to SAM, SYSTEM, and SECURITY files, ultimately leading to privilege escalation to administrator.\n\n\ud83d\udd17 Source:\nhttps://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754\n\n#windows #anydesk #lpe #cve", "creation_timestamp": "2025-02-06T19:39:34.000000Z"}, {"uuid": "3a93ed0c-140a-412f-aede-024a4f455bdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12754", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1580", "content": "\ud83d\uddbc AnyDesk \u2014 Local Privilege Escalation (CVE-2024-12754)\n\nA vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\\SYSTEM privileges. Exploitation is possible by manipulating the background image, creating symbolic links, and leveraging ShadowCopy, granting access to SAM, SYSTEM, and SECURITY files, ultimately leading to privilege escalation to administrator.\n\n\ud83d\udd17 Source:\nhttps://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754\n\n#windows #anydesk #lpe #cve", "creation_timestamp": "2025-02-06T12:32:19.000000Z"}]}