CVE-2020-8968
Parallels Remote Application Server credentials management errors
Severity Score
7.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
Parallels Remote Application Server (RAS) permite a un atacante local recuperar determinadas contraseñas de perfil en formato de texto sin cifrar al cargar un archivo cifrado previamente almacenado por Parallels RAS. La confidencialidad, disponibilidad e integridad de la información del usuario podría estar comprometida si un atacante es capaz de recuperar la contraseña del perfil
*Credits:
Francisco Palma, Diego León and David Jiménez
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-02-13 CVE Reserved
- 2021-12-17 CVE Published
- 2023-07-10 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Parallels Search vendor "Parallels" | Remote Application Server Search vendor "Parallels" for product "Remote Application Server" | >= 15.5 <= 17.0 Search vendor "Parallels" for product "Remote Application Server" and version " >= 15.5 <= 17.0" | - |
Affected
| ||||||