Design/Logic Flaw

2020-12-2519:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker’s client for use as a “host” value. In other words, after an attacker’s web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like “host”:“192.168.###.###” in the POST data.

CPENameOperatorVersion
remote_application_servereq18.0

CPE	Name	Operator	Version
	remote_application_server	eq	18.0

References

twitter.com/amadapa/status/1342407005110218753

www.elladodelmal.com/2020/12/blue-team-red-team-como-parallels-ras.html