A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HParallels Desktop
APPParallels20.1.1_\(55740\)
Related vulnerabilities
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop fo...
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version...
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parall...
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than...
Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability al...