Information Disclosure Vulnerability in Parallels Desktop by Parallels
CVE-2022-34890
7.3HIGH
What is CVE-2022-34890?
This vulnerability in Parallels Desktop allows local attackers to disclose sensitive information on installations of version 17.1.1. It arises from insufficient validation of a user-supplied value prior to its dereferencing as a pointer in the Parallels Tools component. An attacker must first be able to execute low-privileged code on the guest system, which could potentially be leveraged with other vulnerabilities to escalate privileges and execute arbitrary code at the kernel level.
Affected Version(s)
Desktop 17.1.1 (51537)