4 matches found
CVE-2022-34900
CVE-2022-34900 affects Parallels Access Agent 6.5.3 (39313). The Dispatcher service loads an OpenSSL configuration file from an unsecured location, enabling a local attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary code. Documented by ZDI-22-945 (and related fee...
CVE-2022-34901
CVE-2022-34901 affects Parallels Access Agent 6.5.4 (39316). The flaw resides in the Parallels Service, which executes files from an unsecured location, enabling a local attacker who can run low-privileged code to escalate to root and execute arbitrary code. The vulnerability is labeled as a loca...
CVE-2022-34899
CVE-2022-34899 affects Parallels Access 6.5.4 (39316) Agent. A local attacker who can run low-privilege code can abuse a flaw in the Parallels service by using symbolic links to escalate privileges and execute arbitrary code as root. Root-level impact is stated; the flaw is tied to a local privil...
CVE-2022-34902
Parallels Access 6.5.4 Agent is affected by CVE-2022-34902. The Desktop Control Agent loads Qt plugins from an unsecured location, enabling a local attacker who can run low-privilege code to escalate to SYSTEM and execute arbitrary code. This is a local privilege escalation via an uncontrolled se...