← Back to CVEs
CVE-2024-6240
HIGH7.7
Description
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system.
CVE Details
CVSS v3.1 Score7.7
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionREQUIRED
Published6/21/2024
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
parallels:parallels_desktop
Weaknesses (CWE)
CWE-269
References
https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop(cve-coordination@incibe.es)
https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.