Lucene search

[email protected]NVD:CVE-2023-45894

HistoryDec 14, 2023 - 8:15 p.m.

CVE-2023-45894

2023-12-1420:15:52

[email protected]

web.nvd.nist.gov

cve-2023-45894

remote application server

parallels ras

remote code execution

kiosk breakout

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

59.2%

JSON

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques.

Affected configurations

Nvd

Node

parallelsremote_application_serverRange<19.2.23975

VendorProductVersionCPE
parallelsremote_application_server*cpe:2.3:a:parallels:remote_application_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
parallels	remote_application_server	*	cpe:2.3:a:parallels:remote_application_server::::::::

References

github.com/Oracle-Security/CVEs/blob/main/Parallels%20Remote%20Server/readme.md

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

59.2%

JSON

Related for NVD:CVE-2023-45894

prion1 cve1 cvelist1