CVE-2024-6240
Improper privilege management vulnerability in Parallels Desktop
Public Exploits: 0
Exploited in Wild: -
Descriptions
Improper privilege management vulnerability in Parallels Desktop Software, affecting versions earlier than 19.3.0. An attacker could add malicious code to a script and set the BASH_ENV environment variable to the path of that script, so that it is executed on application startup. An attacker could exploit this vulnerability to escalate privileges on the system.
SSVC
- Decision: Track*
Timeline
- 2024-06-21 CVE Reserved
- 2024-06-21 CVE Published
- 2024-06-25 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
References (1)
URL | Tag | Source |
---|---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Parallels | Parallels Desktop | < 19.3.0 | macos | Affected |