Main Vulnerability Database Exploits ID:10329 - Exploit for Path traversal in Parallels Desktop - CVE-2023-27326

ID:10329 - Exploit for Path traversal in Parallels Desktop - CVE-2023-27326

Published: August 9, 2024

Vulnerability identifier: #VU73226

Vulnerability risk: Low

CVE-ID: CVE-2023-27326

CWE-ID: CWE-22

Exploitation vector: Local access

Vulnerable software:
Parallels Desktop

Link to public exploit:

https://github.com/Impalabs/CVE-2023-27326

Vulnerability description

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the Toolgate component. A local administrator can send a specially crafted HTTP request and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

ID:10329 - Exploit for Path traversal in Parallels Desktop - CVE-2023-27326

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human