Risk | Low |
Patch available | YES |
Number of vulnerabilities | 11 |
CVE-ID | CVE-2020-17402 CVE-2020-17401 CVE-2020-17400 CVE-2020-17399 CVE-2020-17398 CVE-2020-17397 CVE-2020-17396 CVE-2020-17395 CVE-2020-17394 CVE-2020-17392 CVE-2020-17391 |
CWE-ID | CWE-732 CWE-125 CWE-787 CWE-190 CWE-191 CWE-822 CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Parallels Desktop: Operating systems & Components / Operating system package or component |
Vendor | Parallels |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
EUVDB-ID: #VU45775
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17402
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an error within the prl_hypervisor kext. A local user can view the contents of a log file and gain access to sensitive information.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1020/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45774
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17401
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the VGA virtual device. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1019/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45773
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17400
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the prl_hypervisor kext. A local user can run a specially crafted program to trigger an out-of-bounds read error and execute arbitrary code in the context of the hypervisor.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1018/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45772
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17399
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the prl_hypervisor kext. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code in the context of the kernel.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1017/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45771
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17398
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the prl_hypervisor kext. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1016/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45770
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17397
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the handling of network packets. A local user can run a specially crafted application to trigger an out-of-bounds read error and execute arbitrary code in the context of the hypervisor.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1015/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45769
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17396
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer overflow within the prl_hypervisor module. A local user can run a specially crafted program to trigger an integer overflow and execute arbitrary code in the context of the kernel.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1014/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45768
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17395
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer underflow within the prl_naptd process. A local user can run a specially crafted program to trigger an integer underflow and execute arbitrary code in the context of the hypervisor.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1013/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45767
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17394
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the OEMNet component. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1012/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45765
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17392
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an untrusted pointer dereference error when handling HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. A local user can run a specially crafted program to trigger the pointer dereference and execute arbitrary code on the system in the context of the kernel.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1010/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45764
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17391
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in handling HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. A local user can gain unauthorized access to sensitive information on the system.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Parallels Desktop: 15.0.0 (46967) - 15.1.4 (47270)
https://www.zerodayinitiative.com/advisories/ZDI-20-1009/
https://kb.parallels.com/en/125013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.