CVE-2023-27324

EPSS 0.12%
Veröffentlicht 03.05.2024 02:15:08
Zuletzt bearbeitet 06.08.2025 21:37:26
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.

The specific flaw exists within the Updater service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
. Was ZDI-CAN-18229.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Parallels ≫ Parallels Desktop SwPlatformmacos Version < 18.1.0_\(53311\)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.31

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

https://kb.parallels.com/125013

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-218/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-27324

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27324

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27324

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-27324