Parallels Desktop 17.1.1 permission assignment

A vulnerability classified as critical was found in Parallels Desktop 17.1.1. It affects an unknown part of the code. No information about possible countermeasures is known. It may be advisable to replace the affected product with an alternative.

| Field | 07/19/2022 10:05 AM | 08/06/2022 12:22 PM |
|---|---|---|
| cve_cna | Zero Day Initiative | Zero Day Initiative |
| cve_nvd_summary | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395. | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395. |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_cna_basescore | 7.8 | 7.8 |
| cvss2_vuldb_basescore | 9.0 | 9.0 |
| cvss2_vuldb_tempscore | 9.0 | 9.0 |
| cvss3_vuldb_basescore | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 8.8 | 8.8 |
| cvss3_meta_basescore | 8.3 | 8.1 |
| cvss3_meta_tempscore | 8.3 | 8.1 |
| price_0day | $0-$5k | $0-$5k |
| vendor | Parallels | Parallels |
| name | Desktop | Desktop |
| version | 17.1.1 | 17.1.1 |
| cwe | 732 (permission assignment) | 732 (permission assignment) |
| risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_vuldb_rc | C | C |
| cvss3_cna_av | L | L |
| cvss3_cna_ac | L | L |
| cvss3_cna_pr | L | L |
| cvss3_cna_ui | N | N |
| cvss3_cna_s | U | U |
| cvss3_cna_c | H | H |
| cvss3_cna_i | H | H |
| cvss3_cna_a | H | H |
| url | https://www.zerodayinitiative.com/advisories/ZDI-22-942/ | https://www.zerodayinitiative.com/advisories/ZDI-22-942/ |
| cve | CVE-2022-34891 | CVE-2022-34891 |
| cve_assigned | 1656540000 (06/30/2022) | 1656540000 (06/30/2022) |
| cvss3_nvd_av | | L |
| cvss3_nvd_ac | | L |
| cvss3_nvd_pr | | L |
| cvss3_nvd_ui | | N |
| cvss3_nvd_s | | U |
| cvss3_nvd_c | | H |
| cvss3_nvd_i | | H |
| cvss3_nvd_a | | H |
| cvss3_nvd_basescore | | 7.8 |
