#VU26129 Time-of-check Time-of-use (TOCTOU) Race Condition in Parallels Desktop - CVE-2020-8873
Published: March 17, 2020
Vulnerability identifier: #VU26129
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8873
CWE-ID:
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Parallels Desktop
Parallels Desktop
Software vendor:
Parallels
Parallels
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a lack of proper locking when performing operations on an object within the xHCI component. An local user can gain elevated privileges on the target system.
The vulnerability exists due to a lack of proper locking when performing operations on an object within the xHCI component. An local user can gain elevated privileges on the target system.
Remediation
Install updates from vendor's website.