Main Vulnerability Database Exploits ID:9063 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Parallels Desktop - CVE-2023-27327

ID:9063 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Parallels Desktop - CVE-2023-27327

Published: May 10, 2023

Vulnerability identifier: #VU73233

Vulnerability risk: Low

CVE-ID: CVE-2023-27327

CWE-ID: CWE-367

Exploitation vector: Local access

Vulnerable software:
Parallels Desktop

Link to public exploit:

https://github.com/kn32/parallels-plist-escape

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a time-of-check-time-of-use (TOCTOU) race condition within the Toolgate component. A local administrator can gain elevated privileges on the target system.

Remediation

Install updates from vendor's website.

ID:9063 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Parallels Desktop - CVE-2023-27327

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human