Multiple vulnerabilities in Parallels Desktop

1) Incorrect permission assignment for critical resource

EUVDB-ID: #VU45775

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17402

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an error within the prl_hypervisor kext. A local user can view contents of a log file and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1020/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU45774

Risk: Low

CVSSv3.1: 2.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17401

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the VGA virtual device. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1019/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU45773

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17400

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the prl_hypervisor kext. A local user to run a specially crafted program to trigger out-of-bounds read error and execute arbitrary code in the context of the hypervisor.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1018/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU45772

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17399

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the prl_hypervisor kext. A local user can run a specially crafted program to trigger out-of-bounds write and execute arbitrary code in the context of the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1017/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU45771

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17398

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the prl_hypervisor kext. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1016/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU45770

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17397

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the handling of network packets. A local user can run a specially crafted application to trigger out-of-bounds read error and  in the context of the hypervisor.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1015/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU45769

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17396

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the prl_hypervisor module. A local user can run a specially crafted program to trigger integer overflow and execute arbitrary code in the context of the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1014/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer underflow

EUVDB-ID: #VU45768

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17395

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer underflow within the prl_naptd process. A local user can run a specially crafted program to trigger integer underflow and execute arbitrary code  in the context of the hypervisor.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1013/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU45767

Risk: Low

CVSSv3.1: 2.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17394

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the OEMNet component. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1012/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Untrusted Pointer Dereference

EUVDB-ID: #VU45765

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17392

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference error when handling HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. A local user to can run a specially crafted program to trigger pointer dereference and execute arbitrary code on the system in the context of the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1010/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU45764

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17391

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in handling the HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1009/
http://kb.parallels.com/en/125013

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.