Lucene search

[email protected]CVE-2024-6240

HistoryJun 21, 2024 - 2:15 p.m.

CVE-2024-6240

2024-06-2114:15:14

CWE-269

[email protected]

web.nvd.nist.gov

privilege management

parallels desktop software

vulnerability

malicious script

bash_env

escalate privileges

cve-2024-6240

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system.

Affected configurations

Vulners

NVD

Node

parallelsparallels_desktopRange<19.3.0

CPENameOperatorVersion
parallels:parallels_desktopparallels parallels desktoplt19.3.0

CPE	Name	Operator	Version
parallels:parallels_desktop	parallels parallels desktop	lt	19.3.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Parallels Desktop",
    "vendor": "Parallels",
    "versions": [
      {
        "lessThan": "19.3.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVE-2024-6240

cvelist1 nvd1 vulnrichment1