This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16396.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2022-07-18T14:17:35

Updated: 2024-08-03T09:22:10.650Z

Reserved: 2022-06-30T00:00:00

Link: CVE-2022-34892

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-07-18T15:15:08.540

Modified: 2022-07-28T13:53:14.820

Link: CVE-2022-34892

cve-icon Redhat

No data.