Privilege Escalation Vulnerability in Parallels Desktop by Parallels
CVE-2021-34869

7.8HIGH

Key Information:

Vendor: Parallels
Status: Desktop
Vendor: CVE Published:; 25 January 2022

What is CVE-2021-34869?

A privilege escalation vulnerability exists in Parallels Desktop that allows local attackers to exploit the Toolgate component via improper validation of user-supplied data. This flaw can lead to uncontrolled memory allocation, enabling an attacker with low-privileged code execution access on the guest system to escalate privileges and execute arbitrary code in the hypervisor's context.

Affected Version(s)

Desktop 16.1.3-49160

References

https://kb.parallels.com/125013

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-1057/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jun 17, 2021

Credit

Reno Robert of Trend Micro Zero Day Initiative