5 matches found
CVE-2024-54189
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary fil...
CVE-2024-54189
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary fil...
CVE-2024-54189
creationtimestamp| type| source ---|---|--- 2025-06-03 10:00:13+00:00| seen| https://infosec.place/objects/058aaad9-ac04-48ea-b2ba-18347f0a6be0 2025-06-03 10:06:06+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lqp25ovz6r2p 2025-06-03 10:23:16+00:00| seen|...
CVE-2024-54189
Summary: CVE-2024-54189 is a local privilege-escalation vulnerability in Parallels Desktop for Mac 20.1.1 (build 55740). During VM snapshot creation, the root-level prl_disp_service writes metadata to a snapshot.xml file in a VM directory owned by a normal user. An attacker can replace that file ...
Parallels Desktop prl_disp_service Snapshots.xml Hard Link Privilege Escalation
Talos Vulnerability Report TALOS-2024-2124 Parallels Desktop prldispservice Snapshots.xml Hard Link Privilege Escalation June 3, 2025 CVE Number CVE-2024-54189 SUMMARY A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740...