Main Vulnerability Database Vulnerabilities #VU52517

#VU52517 Time-of-check Time-of-use (TOCTOU) Race Condition in Parallels Desktop - CVE-2021-31427

Published: April 23, 2021 / Updated: April 23, 2021

Vulnerability identifier: #VU52517

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-31427

CWE-ID: CWE-367

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Parallels Desktop

Software vendor:
Parallels

Description

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to the lack of proper locking when performing operations on an object within the Open Tools Gate component. A local administrator can gain access to sensitive information on the target system.

Remediation

Install updates from vendor's website.

External links

https://www.zerodayinitiative.com/advisories/ZDI-21-435/
https://kb.parallels.com/en/125013

#VU52517 Time-of-check Time-of-use (TOCTOU) Race Condition in Parallels Desktop - CVE-2021-31427

Description

Remediation

External links

Please verify you're human