Time-of-check Time-of-use (TOCTOU) Race Condition in Parallels Desktop - CVE-2021-31427

 

Time-of-check Time-of-use (TOCTOU) Race Condition in Parallels Desktop - CVE-2021-31427

Published: April 23, 2021 / Updated: April 23, 2021


Vulnerability identifier: #VU52517
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-31427
CWE-ID: CWE-367
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Parallels
Affected software:
Parallels Desktop

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to the lack of proper locking when performing operations on an object within the Open Tools Gate component. A local administrator can gain access to sensitive information on the target system.


How to mitigate CVE-2021-31427

Install updates from vendor's website.

Sources