Privilege Escalation Vulnerability in Parallels Desktop by Parallels
CVE-2022-34891

7.8HIGH

Key Information:

Vendor: Parallels
Status: Desktop
Vendor: CVE Published:; 18 July 2022

What is CVE-2022-34891?

A security vulnerability exists in Parallels Desktop 17.1.1 that allows local attackers to escalate their privileges. This flaw is due to the improper permissions set on sensitive files within the update mechanism of the software. To exploit this vulnerability, an attacker must have the ability to run low-privileged code on the system. Successfully leveraging this vulnerability would enable the attacker to execute arbitrary code with root privileges, posing significant risks to system integrity.

Affected Version(s)

Desktop Parallels Desktop 17.1.1

References

https://kb.parallels.com/125013

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-22-942/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
Jun 30, 2022

Credit

aegis