Lucene search

K
zdiKn32ZDI-23-215
HistoryMar 07, 2023 - 12:00 a.m.

Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

2023-03-0700:00:00
kn32
www.zerodayinitiative.com
7
vulnerability
local attacker
privilege escalation
parallels desktop
toolgate component
high-privileged code
exploit
lack of proper locking
arbitrary code

0.0005 Low

EPSS

Percentile

16.3%

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system.

0.0005 Low

EPSS

Percentile

16.3%

Related for ZDI-23-215