CVE-2024-52940: n/a
CVE-2024-52940 is a high-severity vulnerability in AnyDesk versions through 8.1.0 on Windows, where enabling the 'Allow Direct Connections' feature causes the victim's public IP address to be exposed in network traffic. An attacker who knows the victim's AnyDesk ID can exploit this to obtain the public IP, potentially compromising user privacy and enabling further targeted attacks. This vulnerability does not require authentication or user interaction, making it easier to exploit remotely. While it does not impact system integrity or availability, the confidentiality breach can facilitate reconnaissance and subsequent attacks. No known exploits are currently reported in the wild, and no patches have been released yet. Organizations using AnyDesk with direct connections enabled should be aware of this risk and consider mitigation steps to protect sensitive network information.
AI Analysis
Technical Summary
CVE-2024-52940 is a vulnerability identified in AnyDesk remote desktop software on Windows platforms up to version 8.1.0. The flaw arises when the 'Allow Direct Connections' feature is enabled, which is intended to facilitate direct peer-to-peer connections for improved performance. However, this feature inadvertently leaks the user's public IP address within the network traffic. The vulnerability is classified under CWE-532, indicating exposure of sensitive information in logs or traffic. An attacker only needs to know the victim's AnyDesk ID to exploit this issue, as no authentication or user interaction is required. The CVSS v3.1 base score is 7.5 (high), reflecting the ease of exploitation over the network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is primarily on confidentiality, as the attacker gains knowledge of the victim's public IP address, which can be used for further reconnaissance, targeted attacks, or privacy violations. There is no direct impact on integrity or availability. Currently, no patches or fixes have been published, and no known exploits have been observed in the wild. This vulnerability highlights the risk of information leakage through network features designed for connectivity optimization.
Potential Impact
The primary impact of CVE-2024-52940 is the exposure of the victim's public IP address, which can compromise user privacy and enable attackers to perform targeted reconnaissance. Organizations relying on AnyDesk for remote access may inadvertently reveal network topology details, increasing the risk of follow-on attacks such as targeted phishing, network intrusion attempts, or denial-of-service attacks against exposed IPs. While the vulnerability does not allow direct system compromise, the leaked IP can be a critical piece of intelligence for attackers. This is particularly concerning for organizations handling sensitive or regulated data, as it may violate privacy policies or regulatory requirements. The ease of exploitation without authentication or user interaction broadens the attack surface, especially for organizations with widely distributed remote workforces. The lack of known exploits in the wild reduces immediate risk but does not eliminate the potential for future exploitation. Overall, the vulnerability poses a significant privacy and security risk that could facilitate more severe attacks if combined with other vulnerabilities or social engineering tactics.
Mitigation Recommendations
To mitigate CVE-2024-52940, organizations should consider the following specific actions:
1) Disable the 'Allow Direct Connections' feature in AnyDesk settings until a patch is available, as this is the root cause of the IP leakage.
2) Restrict AnyDesk usage to trusted networks and VPNs that mask or control public IP exposure.
3) Monitor network traffic for unexpected AnyDesk connections or unusual data flows that could indicate reconnaissance attempts.
4) Educate users about the risks of sharing their AnyDesk ID publicly or with untrusted parties.
5) Implement network-level controls such as firewall rules to limit inbound connections to AnyDesk services only from known IP ranges.
6) Stay informed on AnyDesk security advisories and apply patches promptly once released.
7) Consider alternative remote access solutions with stronger privacy protections if direct connections are essential.
These steps go beyond generic advice by focusing on configuration changes, network controls, and user awareness tailored to this specific vulnerability.
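One way to approach the monitoring and known-IP-range recommendations above, as an added example that is not part of the original advisory or of AnyDesk: a small flow-log check that flags inbound TCP connections to the direct-connection listening port from sources outside an allowlist. The port value (7070, assumed here to be the client's default direct-connection listening port), the log format, the allowlist and the sample records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumption: 7070/tcp is the default direct-connection listening port;
# change this if the port was reconfigured in the client settings.
ANYDESK_DIRECT_PORT = 7070

# Constructed allowlist: internal range plus one known support range.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Constructed flow records: "timestamp src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2026-02-25T09:00:01Z 198.51.100.23 51544 10.1.4.20 7070 tcp
2026-02-25T09:00:07Z 203.0.113.77 40112 10.1.4.20 7070 tcp
2026-02-25T09:01:15Z 203.0.113.77 40113 10.1.4.20 443 tcp
2026-02-25T09:02:30Z 10.1.9.5 49822 10.1.4.21 7070 tcp
2026-02-25T09:03:02Z 192.0.2.200 33001 10.1.4.21 7070 tcp
not-a-flow-line
2026-02-25T09:03:05Z 192.0.2.200 33001 10.1.4.21 7070 udp
"""

def parse_flow(line):
    """Parse one flow record; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _sport, dst, dport, proto = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "dport": int(dport), "proto": proto.lower()}
    except ValueError:
        return None

def unexpected_direct_connections(log_text, allowed=ALLOWED_SOURCES,
                                  port=ANYDESK_DIRECT_PORT):
    """Return (timestamp, src, dst) for TCP flows to `port` from non-allowlisted sources."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp" or flow["dport"] != port:
            continue
        if not any(flow["src"] in net for net in allowed):
            findings.append((flow["ts"], str(flow["src"]), str(flow["dst"])))
    return findings

if __name__ == "__main__":
    for ts, src, dst in unexpected_direct_connections(SAMPLE_FLOWS):
        print(f"{ts} unexpected direct connection {src} -> {dst}")
```

The same allowlist can drive the firewall rule from step 5, so that detection and enforcement stay consistent.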
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Japan, South Korea, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-11-18T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6bbcb7ef31ef0b55a7c2
Added to database: 2/25/2026, 9:38:04 PM
Last enriched: 2/26/2026, 1:41:06 AM
Last updated: 2/26/2026, 6:27:50 AM