Parallels Access 6.5.4 uncontrolled search path

A vulnerability classified as critical was found in Parallels Access 6.5.4. It affects an unknown functionality. No information about possible countermeasures is known. It may be advisable to replace the affected product with an alternative.

| Field | 07/19/2022 11:05 AM | 08/06/2022 01:14 PM |
|---|---|---|
| vendor | Parallels | Parallels |
| name | Access | Access |
| version | 6.5.4 | 6.5.4 |
| cwe | 427 (uncontrolled search path) | 427 (uncontrolled search path) |
| risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_vuldb_rc | C | C |
| cvss3_cna_av | L | L |
| cvss3_cna_ac | L | L |
| cvss3_cna_pr | L | L |
| cvss3_cna_ui | N | N |
| cvss3_cna_s | U | U |
| cvss3_cna_c | H | H |
| cvss3_cna_i | H | H |
| cvss3_cna_a | H | H |
| url | https://www.zerodayinitiative.com/advisories/ZDI-22-948/ | https://www.zerodayinitiative.com/advisories/ZDI-22-948/ |
| confirm_url | https://kb.parallels.com/en/129010 | https://kb.parallels.com/en/129010 |
| cve | CVE-2022-34901 | CVE-2022-34901 |
| cve_assigned | 1656626400 (07/01/2022) | 1656626400 (07/01/2022) |
| cve_cna | Zero Day Initiative | Zero Day Initiative |
| cve_nvd_summary | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137. | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137. |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_cna_basescore | 7.8 | 7.8 |
| cvss2_vuldb_basescore | 9.0 | 9.0 |
| cvss2_vuldb_tempscore | 9.0 | 9.0 |
| cvss3_vuldb_basescore | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 8.8 | 8.8 |
| cvss3_meta_basescore | 8.3 | 8.1 |
| cvss3_meta_tempscore | 8.3 | 8.1 |
| price_0day | $0-$5k | $0-$5k |
| cvss3_nvd_av | | L |
| cvss3_nvd_ac | | L |
| cvss3_nvd_pr | | L |
| cvss3_nvd_ui | | N |
| cvss3_nvd_s | | U |
| cvss3_nvd_c | | H |
| cvss3_nvd_i | | H |
| cvss3_nvd_a | | H |
| cvss3_nvd_basescore | | 7.8 |
