CVE-2024-34331

critical

Description

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.

References

https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html

https://kb.parallels.com/129860

Details

Source: Mitre, NVD

Published: 2024-09-23

Updated: 2024-09-26

Named Vulnerability: Parallels Desktop security issue

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest

Detections

Analytics