Main Vulnerability Database Vulnerabilities #VU26130

#VU26130 Integer overflow in Parallels Desktop - CVE-2020-8874

Published: March 17, 2020

Vulnerability identifier: #VU26130

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-8874

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Parallels Desktop

Software vendor:
Parallels

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the xHCI component. A local user can trigger integer overflow and gain elevated privileges on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.zerodayinitiative.com/advisories/ZDI-20-295/

#VU26130 Integer overflow in Parallels Desktop - CVE-2020-8874

Description

Remediation

External links

Please verify you're human