← Volver a CVEs
CVE-2024-6240
HIGH7.7
Descripcion
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system.
Detalles CVE
Puntuacion CVSS v3.17.7
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado6/21/2024
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
parallels:parallels_desktop
Debilidades (CWE)
CWE-269
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop(cve-coordination@incibe.es)
https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.