A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HParallels Desktop
APPParallels20.1.1_\(55740\)
Related vulnerabilities
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop fo...
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version...
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version...
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than...
Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability al...