Privilege Escalation in Parallels Desktop by Parallels
CVE-2022-34892

7.8HIGH

Key Information:

Vendor: Parallels
Status: Desktop
Vendor: CVE Published:; 18 July 2022

What is CVE-2022-34892?

This vulnerability allows local attackers to escalate privileges in Parallels Desktop installations by exploiting a flaw in the update mechanism. The issue arises from improper locking during operations on an object, enabling an attacker who has already gained low-level access to execute arbitrary code with elevated privileges, potentially obtaining root access.

Affected Version(s)

Desktop Parallels Desktop 17.1.1

References

https://kb.parallels.com/125013

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-22-943/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
Jun 30, 2022

Credit

aegis