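Vulnerability Title
Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability
Vulnerability Description
Parallels Desktop Toolgate directory traversal local privilege escalation vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop.
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.
The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. This vulnerability was identified as ZDI-CAN-18933.
CVSS Information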
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability
Vulnerability Description
Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.
The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system.
Was ZDI-CAN-18933.
CVSS Information
N/A
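Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
Corel Parallels Desktop Security Vulnerability
Vulnerability Description
Corel Parallels Desktop is virtual machine software for the macOS platform from the Canadian company Corel. A security vulnerability exists in Corel Parallels Desktop Service, caused by a directory traversal vulnerability in the Toolgate component.
CVSS Information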
N/A
Vulnerability Type
Other