CVE-2021-31422

May 10, 2021

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527.

Summary:

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527.

Reference Links(if available):

  • https://kb.parallels.com/en/125013
  • https://www.zerodayinitiative.com/advisories/ZDI-21-430/

  • CVSS Score (if available)

    v2: / HIGH

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    gophish

    GoPhish Login Page Detected – 37[.]187[.]55[.]194:443

    April 14, 2024
    gophish

    GoPhish Login Page Detected – 59[.]13[.]157[.]16:4433

    April 14, 2024
    gophish

    GoPhish Login Page Detected – 18[.]159[.]172[.]65:443

    April 14, 2024
    CISA Logo

    CISA: Microsoft Releases April 2024 Security Updates 

    April 14, 2024
    CISA Logo

    CISA: Fortinet Releases Security Updates for Multiple Products

    April 14, 2024