Local Privilege Escalation in Parallels Access Agent 6.5.3
CVE-2022-34900
7.8HIGH
What is CVE-2022-34900?
This security vulnerability in Parallels Access 6.5.3 allows local attackers to escalate their privileges. The flaw exists within the Dispatcher service, which improperly loads an OpenSSL configuration file from an unsecured location. An attacker, who is able to execute low-privileged code on the target system, can exploit this issue to gain elevated privileges and execute arbitrary code in the context of the SYSTEM user. This creates significant security risks for users of affected installations.
Affected Version(s)
Access 6.5.3 (39313)