Parallels Desktop 17.1.1 erweiterte Rechte

Es wurde eine kritische Schwachstelle in Parallels Desktop 17.1.1 gefunden. Betroffen hiervon ist ein unbekannter Ablauf. Es sind keine Informationen bezüglich Gegenmassnahmen bekannt. Der Einsatz eines alternativen Produkts bietet sich im Zweifelsfall an.

Feld19.07.2022 10:0506.08.2022 12:22
cve_cnaZero Day InitiativeZero Day Initiative
cve_nvd_summaryThis vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395.This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395.
date1658181600 (19.07.2022)1658181600 (19.07.2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_vuldb_rcCC
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_cna_basescore7.87.8
cvss2_vuldb_basescore9.09.0
cvss2_vuldb_tempscore9.09.0
cvss3_vuldb_basescore8.88.8
cvss3_vuldb_tempscore8.88.8
cvss3_meta_basescore8.38.1
cvss3_meta_tempscore8.38.1
price_0day$0-$5k$0-$5k
vendorParallelsParallels
nameDesktopDesktop
version17.1.117.1.1
cwe732 (erweiterte Rechte)732 (erweiterte Rechte)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_vuldb_rcCC
cvss3_cna_avLL
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cHH
cvss3_cna_iHH
cvss3_cna_aHH
urlhttps://www.zerodayinitiative.com/advisories/ZDI-22-942/https://www.zerodayinitiative.com/advisories/ZDI-22-942/
cveCVE-2022-34891CVE-2022-34891
cve_assigned1656540000 (30.06.2022)1656540000 (30.06.2022)
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss3_nvd_basescore7.8

Do you know our Splunk app?

Download it now for free!