Information Disclosure Vulnerability in Parallels Desktop by Parallels
CVE-2022-34890

7.3HIGH

Key Information:

Vendor: Parallels
Status: Desktop
Vendor: CVE Published:; 18 July 2022

What is CVE-2022-34890?

This vulnerability in Parallels Desktop allows local attackers to disclose sensitive information on installations of version 17.1.1. It arises from insufficient validation of a user-supplied value prior to its dereferencing as a pointer in the Parallels Tools component. An attacker must first be able to execute low-privileged code on the guest system, which could potentially be leveraged with other vulnerabilities to escalate privileges and execute arbitrary code at the kernel level.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Desktop 17.1.1 (51537)

References

https://kb.parallels.com/125013

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-22-941/

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
Jun 30, 2022

Credit

Meysam Firouzi of Mbition mercedes-benz innovation lab

JSON

Parallels