Published: 23/03/2020 Updated: 04/05/2020

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

This vulnerability allows local malicious users to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107 . An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-9403.

Vulnerable Product	Search on Vulmon	Subscribe to Product
parallels parallels desktop

VirtualBox_IO-Fuzz Version Product : VirtualBox Build 6116, 6126 Host OS : Windows 10 x64 (190411288) Guest OS : Ubuntu 2004 (Focal Fossa) Result CVE-2021-2086 : Oracle VirtualBox I/O Request 0x177 Denial-of-Service CVE-2021-35540 : Oracle VirtualBox I/O Request 0x20, 0xa0 Denial-of-Service Reference CVE-2020-8871: PRIVILEGE ESCALATION IN PARALLELS DESKTOP VIA VGA DEVICE

CWE-787 https://www.zerodayinitiative.com/advisories/ZDI-20-292/https://nvd.nist.gov https://github.com/dlehgus1023/VirtualBox_IO-Fuzz

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-8871

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect