CVE-2024-54189
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
Existe una vulnerabilidad de escalada de privilegios en la función de instantáneas de Parallels Desktop para Mac versión 20.1.1 (compilación 55740). Al tomar una instantánea de una máquina virtual, un servicio root escribe en un archivo propiedad de un usuario normal. Mediante un enlace físico, un atacante puede escribir en un archivo arbitrario, lo que podría provocar una escalada de privilegios.
*Credits:
Discovered by KPC of Cisco Talos.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-12-05 CVE Reserved
- 2025-06-03 CVE Published
- 2025-06-03 CVE Updated
- 2025-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-62: UNIX Hard Link
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2024-2124 | ||
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2124 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Parallels Search vendor "Parallels" | Parallels Desktop For Mac Search vendor "Parallels" for product "Parallels Desktop For Mac" | 20.1.1 Search vendor "Parallels" for product "Parallels Desktop For Mac" and version "20.1.1" | en |
Affected
| ||||||