7.8

CVE-2023-50228

EPSS 0.05%
Veröffentlicht 03.05.2024 03:16:11
Zuletzt bearbeitet 08.08.2025 18:45:06
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.

The specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
. Was ZDI-CAN-21817.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Parallels ≫ Parallels Desktop SwPlatformmacos Version < 19.1.0_\(54729\)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.151

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://kb.parallels.com/en/125013

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-1803/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50228

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50228

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50228

EUVD