CVE-2020-35710

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.

Parallels Remote Application Server (RAS) versión 18, permite a atacantes remotos detectar una dirección IP de intranet porque el envío del formulario de inicio de sesión (inclusive con credenciales en blanco) proporciona esta dirección al cliente del atacante para usarla como valor de "host". En otras palabras, después de que el navegador web de un atacante envió una petición hacia el formulario de inicio de sesión, podría automáticamente enviar una segunda petición hacia un URI RASHTML5Gateway/socket.io con algo como "host":"192.168.###.###" en los datos POST

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-12-25 CVE Reserved
2020-12-25 CVE Published
2023-12-29 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (2)

URL	Tag	Source
https://twitter.com/amadapa/status/1342407005110218753	Third Party Advisory

URL	Date	SRC
https://www.elladodelmal.com/2020/12/blue-team-red-team-como-parallels-ras.html	2024-08-04

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Parallels Search vendor "Parallels"		Remote Application Server Search vendor "Parallels" for product "Remote Application Server"				18.0 Search vendor "Parallels" for product "Remote Application Server" and version "18.0"		-		Affected