Main Vulnerability Database Vulnerabilities #VU26130

Integer overflow in Parallels Desktop - CVE-2020-8874

Published: March 17, 2020

Vulnerability identifier: #VU26130

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-8874

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Parallels

Affected software:
Parallels Desktop

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the xHCI component. A local user can trigger integer overflow and gain elevated privileges on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2020-8874

Install updates from vendor's website.

Sources

https://www.zerodayinitiative.com/advisories/ZDI-20-295/

Integer overflow in Parallels Desktop - CVE-2020-8874

Detailed vulnerability description

How to mitigate CVE-2020-8874

Sources

Please verify you're human